Tor  0.4.4.0-alpha-dev
connection_edge.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection_edge.c
9  * \brief Handle edge streams.
10  *
11  * An edge_connection_t is a subtype of a connection_t, and represents two
12  * critical concepts in Tor: a stream, and an edge connection. From the Tor
13  * protocol's point of view, a stream is a bi-directional channel that is
14  * multiplexed on a single circuit. Each stream on a circuit is identified
15  * with a separate 16-bit stream ID, local to the (circuit,exit) pair.
16  * Streams are created in response to client requests.
17  *
18  * An edge connection is one thing that can implement a stream: it is either a
19  * TCP application socket that has arrived via (e.g.) a SOCKS request, or an
20  * exit connection.
21  *
22  * Not every instance of edge_connection_t truly represents an edge connction,
23  * however. (Sorry!) We also create edge_connection_t objects for streams that
24  * we will not be handling with TCP. The types of these streams are:
25  * <ul>
26  * <li>DNS lookup streams, created on the client side in response to
27  * a UDP DNS request received on a DNSPort, or a RESOLVE command
28  * on a controller.
29  * <li>DNS lookup streams, created on the exit side in response to
30  * a RELAY_RESOLVE cell from a client.
31  * <li>Tunneled directory streams, created on the directory cache side
32  * in response to a RELAY_BEGIN_DIR cell. These streams attach directly
33  * to a dir_connection_t object without ever using TCP.
34  * </ul>
35  *
36  * This module handles general-purpose functionality having to do with
37  * edge_connection_t. On the client side, it accepts various types of
38  * application requests on SocksPorts, TransPorts, and NATDPorts, and
39  * creates streams appropriately.
40  *
41  * This module is also responsible for implementing stream isolation:
42  * ensuring that streams that should not be linkable to one another are
43  * kept to different circuits.
44  *
45  * On the exit side, this module handles the various stream-creating
46  * type of RELAY cells by launching appropriate outgoing connections,
47  * DNS requests, or directory connection objects.
48  *
49  * And for all edge connections, this module is responsible for handling
50  * incoming and outdoing data as it arrives or leaves in the relay.c
51  * module. (Outgoing data will be packaged in
52  * connection_edge_process_inbuf() as it calls
53  * connection_edge_package_raw_inbuf(); incoming data from RELAY_DATA
54  * cells is applied in connection_edge_process_relay_cell().)
55  **/
56 #define CONNECTION_EDGE_PRIVATE
57 
58 #include "core/or/or.h"
59 
60 #include "lib/err/backtrace.h"
61 
62 #include "app/config/config.h"
64 #include "core/mainloop/mainloop.h"
66 #include "core/or/channel.h"
67 #include "core/or/circuitbuild.h"
68 #include "core/or/circuitlist.h"
69 #include "core/or/circuituse.h"
70 #include "core/or/circuitpadding.h"
72 #include "core/or/connection_or.h"
73 #include "core/or/policies.h"
74 #include "core/or/reasons.h"
75 #include "core/or/relay.h"
76 #include "core/or/sendme.h"
77 #include "core/proto/proto_http.h"
78 #include "core/proto/proto_socks.h"
80 #include "feature/client/circpathbias.h"
81 #include "feature/client/dnsserv.h"
86 #include "feature/hs/hs_cache.h"
87 #include "feature/hs/hs_circuit.h"
88 #include "feature/hs/hs_client.h"
89 #include "feature/hs/hs_common.h"
95 #include "feature/relay/dns.h"
96 #include "feature/relay/router.h"
102 #include "feature/stats/rephist.h"
103 #include "lib/buf/buffers.h"
105 
106 #include "core/or/cell_st.h"
110 #include "core/or/extend_info_st.h"
112 #include "core/or/or_circuit_st.h"
114 #include "core/or/half_edge_st.h"
117 
118 #ifdef HAVE_LINUX_TYPES_H
119 #include <linux/types.h>
120 #endif
121 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
122 #include <linux/netfilter_ipv4.h>
123 #define TRANS_NETFILTER
124 #define TRANS_NETFILTER_IPV4
125 #endif
126 
127 #ifdef HAVE_LINUX_IF_H
128 #include <linux/if.h>
129 #endif
130 
131 #ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
132 #include <linux/netfilter_ipv6/ip6_tables.h>
133 #if defined(IP6T_SO_ORIGINAL_DST)
134 #define TRANS_NETFILTER
135 #define TRANS_NETFILTER_IPV6
136 #endif
137 #endif /* defined(HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) */
138 
139 #ifdef HAVE_FCNTL_H
140 #include <fcntl.h>
141 #endif
142 #ifdef HAVE_SYS_IOCTL_H
143 #include <sys/ioctl.h>
144 #endif
145 #ifdef HAVE_SYS_PARAM_H
146 #include <sys/param.h>
147 #endif
148 
149 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
150 #include <net/if.h>
151 #include <net/pfvar.h>
152 #define TRANS_PF
153 #endif
154 
155 #ifdef IP_TRANSPARENT
156 #define TRANS_TPROXY
157 #endif
158 
159 #define SOCKS4_GRANTED 90
160 #define SOCKS4_REJECT 91
161 
164 static int connection_exit_connect_dir(edge_connection_t *exitconn);
165 static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port);
167 
168 /** Convert a connection_t* to an edge_connection_t*; assert if the cast is
169  * invalid. */
172 {
173  tor_assert(c->magic == EDGE_CONNECTION_MAGIC ||
174  c->magic == ENTRY_CONNECTION_MAGIC);
175  return DOWNCAST(edge_connection_t, c);
176 }
177 
179 TO_ENTRY_CONN(connection_t *c)
180 {
181  tor_assert(c->magic == ENTRY_CONNECTION_MAGIC);
182  return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_.base_);
183 }
184 
186 EDGE_TO_ENTRY_CONN(edge_connection_t *c)
187 {
188  tor_assert(c->base_.magic == ENTRY_CONNECTION_MAGIC);
189  return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_);
190 }
191 
192 /** An AP stream has failed/finished. If it hasn't already sent back
193  * a socks reply, send one now (based on endreason). Also set
194  * has_sent_end to 1, and mark the conn.
195  */
196 MOCK_IMPL(void,
198  int line, const char *file))
199 {
200  connection_t *base_conn = ENTRY_TO_CONN(conn);
201  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
202  tor_assert(base_conn->type == CONN_TYPE_AP);
203  ENTRY_TO_EDGE_CONN(conn)->edge_has_sent_end = 1; /* no circ yet */
204 
205  /* If this is a rendezvous stream and it is failing without ever
206  * being attached to a circuit, assume that an attempt to connect to
207  * the destination hidden service has just ended.
208  *
209  * XXXX This condition doesn't limit to only streams failing
210  * without ever being attached. That sloppiness should be harmless,
211  * but we should fix it someday anyway. */
212  if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) &&
214  if (edge_conn->rend_data) {
216  }
217  }
218 
219  if (base_conn->marked_for_close) {
220  /* This call will warn as appropriate. */
221  connection_mark_for_close_(base_conn, line, file);
222  return;
223  }
224 
225  if (!conn->socks_request->has_finished) {
227  log_warn(LD_BUG,
228  "stream (marked at %s:%d) sending two socks replies?",
229  file, line);
230 
231  if (SOCKS_COMMAND_IS_CONNECT(conn->socks_request->command))
232  connection_ap_handshake_socks_reply(conn, NULL, 0, endreason);
233  else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command))
235  RESOLVED_TYPE_ERROR_TRANSIENT,
236  0, NULL, -1, -1);
237  else /* unknown or no handshake at all. send no response. */
238  conn->socks_request->has_finished = 1;
239  }
240 
241  connection_mark_and_flush_(base_conn, line, file);
242 
243  ENTRY_TO_EDGE_CONN(conn)->end_reason = endreason;
244 }
245 
246 /** There was an EOF. Send an end and mark the connection for close.
247  */
248 int
250 {
251  if (connection_get_inbuf_len(TO_CONN(conn)) &&
253  /* it still has stuff to process. don't let it die yet. */
254  return 0;
255  }
256  log_info(LD_EDGE,"conn (fd "TOR_SOCKET_T_FORMAT") reached eof. Closing.",
257  conn->base_.s);
258  if (!conn->base_.marked_for_close) {
259  /* only mark it if not already marked. it's possible to
260  * get the 'end' right around when the client hangs up on us. */
261  connection_edge_end(conn, END_STREAM_REASON_DONE);
262  if (conn->base_.type == CONN_TYPE_AP) {
263  /* eof, so don't send a socks reply back */
264  if (EDGE_TO_ENTRY_CONN(conn)->socks_request)
265  EDGE_TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
266  }
267  connection_mark_for_close(TO_CONN(conn));
268  }
269  return 0;
270 }
271 
272 /** Handle new bytes on conn->inbuf based on state:
273  * - If it's waiting for socks info, try to read another step of the
274  * socks handshake out of conn->inbuf.
275  * - If it's waiting for the original destination, fetch it.
276  * - If it's open, then package more relay cells from the stream.
277  * - Else, leave the bytes on inbuf alone for now.
278  *
279  * Mark and return -1 if there was an unexpected error with the conn,
280  * else return 0.
281  */
282 int
284 {
285  tor_assert(conn);
286 
287  switch (conn->base_.state) {
289  if (connection_ap_handshake_process_socks(EDGE_TO_ENTRY_CONN(conn)) <0) {
290  /* already marked */
291  return -1;
292  }
293  return 0;
295  if (connection_ap_process_natd(EDGE_TO_ENTRY_CONN(conn)) < 0) {
296  /* already marked */
297  return -1;
298  }
299  return 0;
301  if (connection_ap_process_http_connect(EDGE_TO_ENTRY_CONN(conn)) < 0) {
302  return -1;
303  }
304  return 0;
305  case AP_CONN_STATE_OPEN:
306  if (! conn->base_.linked) {
308  }
309 
310  /* falls through. */
312  if (connection_edge_package_raw_inbuf(conn, package_partial, NULL) < 0) {
313  /* (We already sent an end cell if possible) */
314  connection_mark_for_close(TO_CONN(conn));
315  return -1;
316  }
317  return 0;
319  if (connection_ap_supports_optimistic_data(EDGE_TO_ENTRY_CONN(conn))) {
320  log_info(LD_EDGE,
321  "data from edge while in '%s' state. Sending it anyway. "
322  "package_partial=%d, buflen=%ld",
323  conn_state_to_string(conn->base_.type, conn->base_.state),
324  package_partial,
325  (long)connection_get_inbuf_len(TO_CONN(conn)));
326  if (connection_edge_package_raw_inbuf(conn, package_partial, NULL)<0) {
327  /* (We already sent an end cell if possible) */
328  connection_mark_for_close(TO_CONN(conn));
329  return -1;
330  }
331  return 0;
332  }
333  /* Fall through if the connection is on a circuit without optimistic
334  * data support. */
335  /* Falls through. */
341  log_info(LD_EDGE,
342  "data from edge while in '%s' state. Leaving it on buffer.",
343  conn_state_to_string(conn->base_.type, conn->base_.state));
344  return 0;
345  }
346  log_warn(LD_BUG,"Got unexpected state %d. Closing.",conn->base_.state);
348  connection_edge_end(conn, END_STREAM_REASON_INTERNAL);
349  connection_mark_for_close(TO_CONN(conn));
350  return -1;
351 }
352 
353 /** This edge needs to be closed, because its circuit has closed.
354  * Mark it for close and return 0.
355  */
356 int
358 {
359  if (!conn->base_.marked_for_close) {
360  log_info(LD_EDGE, "CircID %u: At an edge. Marking connection for close.",
361  (unsigned) circ_id);
362  if (conn->base_.type == CONN_TYPE_AP) {
363  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
364  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_DESTROY);
366  control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
367  END_STREAM_REASON_DESTROY);
369  } else {
370  /* closing the circuit, nothing to send an END to */
371  conn->edge_has_sent_end = 1;
372  conn->end_reason = END_STREAM_REASON_DESTROY;
374  connection_mark_and_flush(TO_CONN(conn));
375  }
376  }
377  conn->cpath_layer = NULL;
378  conn->on_circuit = NULL;
379  return 0;
380 }
381 
382 /** Send a raw end cell to the stream with ID <b>stream_id</b> out over the
383  * <b>circ</b> towards the hop identified with <b>cpath_layer</b>. If this
384  * is not a client connection, set the relay end cell's reason for closing
385  * as <b>reason</b> */
386 static int
388  uint8_t reason, crypt_path_t *cpath_layer)
389 {
390  char payload[1];
391 
392  if (CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
393  /* Never send the server an informative reason code; it doesn't need to
394  * know why the client stream is failing. */
395  reason = END_STREAM_REASON_MISC;
396  }
397 
398  payload[0] = (char) reason;
399 
400  /* Note: we have to use relay_send_command_from_edge here, not
401  * connection_edge_end or connection_edge_send_command, since those require
402  * that we have a stream connected to a circuit, and we don't connect to a
403  * circuit until we have a pending/successful resolve. */
404  return relay_send_command_from_edge(stream_id, circ, RELAY_COMMAND_END,
405  payload, 1, cpath_layer);
406 }
407 
408 /* If the connection <b>conn</b> is attempting to connect to an external
409  * destination that is an hidden service and the reason is a connection
410  * refused or timeout, log it so the operator can take appropriate actions.
411  * The log statement is a rate limited warning. */
412 static void
413 warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason)
414 {
415  tor_assert(conn);
416 
417  if (conn->base_.type == CONN_TYPE_EXIT &&
419  (reason == END_STREAM_REASON_CONNECTREFUSED ||
420  reason == END_STREAM_REASON_TIMEOUT)) {
421 #define WARN_FAILED_HS_CONNECTION 300
422  static ratelim_t warn_limit = RATELIM_INIT(WARN_FAILED_HS_CONNECTION);
423  char *m;
424  if ((m = rate_limit_log(&warn_limit, approx_time()))) {
425  log_warn(LD_EDGE, "Onion service connection to %s failed (%s)",
426  (conn->base_.socket_family == AF_UNIX) ?
427  safe_str(conn->base_.address) :
428  safe_str(fmt_addrport(&conn->base_.addr, conn->base_.port)),
430  tor_free(m);
431  }
432  }
433 }
434 
435 /** Given a TTL (in seconds) from a DNS response or from a relay, determine
436  * what TTL clients and relays should actually use for caching it. */
437 uint32_t
438 clip_dns_ttl(uint32_t ttl)
439 {
440  /* This logic is a defense against "DefectTor" DNS-based traffic
441  * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
442  * We only give two values: a "low" value and a "high" value.
443  */
444  if (ttl < MIN_DNS_TTL)
445  return MIN_DNS_TTL;
446  else
447  return MAX_DNS_TTL;
448 }
449 
450 /** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
451  * remember that we've done so. If this is not a client connection, set the
452  * relay end cell's reason for closing as <b>reason</b>.
453  *
454  * Return -1 if this function has already been called on this conn,
455  * else return 0.
456  */
457 int
459 {
460  char payload[RELAY_PAYLOAD_SIZE];
461  size_t payload_len=1;
462  circuit_t *circ;
463  uint8_t control_reason = reason;
464 
465  if (conn->edge_has_sent_end) {
466  log_warn(LD_BUG,"(Harmless.) Calling connection_edge_end (reason %d) "
467  "on an already ended stream?", reason);
469  return -1;
470  }
471 
472  if (conn->base_.marked_for_close) {
473  log_warn(LD_BUG,
474  "called on conn that's already marked for close at %s:%d.",
475  conn->base_.marked_for_close_file, conn->base_.marked_for_close);
476  return 0;
477  }
478 
479  circ = circuit_get_by_edge_conn(conn);
480  if (circ && CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
481  /* If this is a client circuit, don't send the server an informative
482  * reason code; it doesn't need to know why the client stream is
483  * failing. */
484  reason = END_STREAM_REASON_MISC;
485  }
486 
487  payload[0] = (char)reason;
488  if (reason == END_STREAM_REASON_EXITPOLICY &&
490  int addrlen;
491  if (tor_addr_family(&conn->base_.addr) == AF_INET) {
492  set_uint32(payload+1, tor_addr_to_ipv4n(&conn->base_.addr));
493  addrlen = 4;
494  } else {
495  memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
496  addrlen = 16;
497  }
498  set_uint32(payload+1+addrlen, htonl(clip_dns_ttl(conn->address_ttl)));
499  payload_len += 4+addrlen;
500  }
501 
502  if (circ && !circ->marked_for_close) {
503  log_debug(LD_EDGE,"Sending end on conn (fd "TOR_SOCKET_T_FORMAT").",
504  conn->base_.s);
505 
506  if (CIRCUIT_IS_ORIGIN(circ)) {
507  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
508  connection_half_edge_add(conn, origin_circ);
509  }
510 
511  connection_edge_send_command(conn, RELAY_COMMAND_END,
512  payload, payload_len);
513  /* We'll log warn if the connection was an hidden service and couldn't be
514  * made because the service wasn't available. */
515  warn_if_hs_unreachable(conn, control_reason);
516  } else {
517  log_debug(LD_EDGE,"No circ to send end on conn "
518  "(fd "TOR_SOCKET_T_FORMAT").",
519  conn->base_.s);
520  }
521 
522  conn->edge_has_sent_end = 1;
523  conn->end_reason = control_reason;
524  return 0;
525 }
526 
527 /**
528  * Helper function for bsearch.
529  *
530  * As per smartlist_bsearch, return < 0 if key preceeds member,
531  * > 0 if member preceeds key, and 0 if they are equal.
532  *
533  * This is equivalent to subtraction of the values of key - member
534  * (why does no one ever say that explicitly?).
535  */
536 static int
537 connection_half_edge_compare_bsearch(const void *key, const void **member)
538 {
539  const half_edge_t *e2;
540  tor_assert(key);
541  tor_assert(member && *(half_edge_t**)member);
542  e2 = *(const half_edge_t **)member;
543 
544  return *(const streamid_t*)key - e2->stream_id;
545 }
546 
547 /** Total number of half_edge_t objects allocated */
548 static size_t n_half_conns_allocated = 0;
549 
550 /**
551  * Add a half-closed connection to the list, to watch for activity.
552  *
553  * These connections are removed from the list upon receiving an end
554  * cell.
555  */
556 STATIC void
558  origin_circuit_t *circ)
559 {
560  half_edge_t *half_conn = NULL;
561  int insert_at = 0;
562  int ignored;
563 
564  /* Double-check for re-insertion. This should not happen,
565  * but this check is cheap compared to the sort anyway */
567  conn->stream_id)) {
568  log_warn(LD_BUG, "Duplicate stream close for stream %d on circuit %d",
569  conn->stream_id, circ->global_identifier);
570  return;
571  }
572 
573  half_conn = tor_malloc_zero(sizeof(half_edge_t));
575 
576  if (!circ->half_streams) {
577  circ->half_streams = smartlist_new();
578  }
579 
580  half_conn->stream_id = conn->stream_id;
581 
582  // How many sendme's should I expect?
583  half_conn->sendmes_pending =
585 
586  // Is there a connected cell pending?
587  half_conn->connected_pending = conn->base_.state ==
589 
590  /* Data should only arrive if we're not waiting on a resolved cell.
591  * It can arrive after waiting on connected, because of optimistic
592  * data. */
593  if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
594  // How many more data cells can arrive on this id?
595  half_conn->data_pending = conn->deliver_window;
596  }
597 
598  insert_at = smartlist_bsearch_idx(circ->half_streams, &half_conn->stream_id,
600  &ignored);
601  smartlist_insert(circ->half_streams, insert_at, half_conn);
602 }
603 
604 /** Release space held by <b>he</b> */
605 void
607 {
608  if (!he)
609  return;
611  tor_free(he);
612 }
613 
614 /** Return the number of bytes devoted to storing info on half-open streams. */
615 size_t
617 {
618  return n_half_conns_allocated * sizeof(half_edge_t);
619 }
620 
621 /**
622  * Find a stream_id_t in the list in O(lg(n)).
623  *
624  * Returns NULL if the list is empty or element is not found.
625  * Returns a pointer to the element if found.
626  */
629  streamid_t stream_id)
630 {
631  if (!half_conns)
632  return NULL;
633 
634  return smartlist_bsearch(half_conns, &stream_id,
636 }
637 
638 /**
639  * Check if this stream_id is in a half-closed state. If so,
640  * check if it still has data cells pending, and decrement that
641  * window if so.
642  *
643  * Return 1 if the data window was not empty.
644  * Return 0 otherwise.
645  */
646 int
648  streamid_t stream_id)
649 {
651  stream_id);
652 
653  if (!half)
654  return 0;
655 
656  if (half->data_pending > 0) {
657  half->data_pending--;
658  return 1;
659  }
660 
661  return 0;
662 }
663 
664 /**
665  * Check if this stream_id is in a half-closed state. If so,
666  * check if it still has a connected cell pending, and decrement
667  * that window if so.
668  *
669  * Return 1 if the connected window was not empty.
670  * Return 0 otherwise.
671  */
672 int
674  streamid_t stream_id)
675 {
677  stream_id);
678 
679  if (!half)
680  return 0;
681 
682  if (half->connected_pending) {
683  half->connected_pending = 0;
684  return 1;
685  }
686 
687  return 0;
688 }
689 
690 /**
691  * Check if this stream_id is in a half-closed state. If so,
692  * check if it still has sendme cells pending, and decrement that
693  * window if so.
694  *
695  * Return 1 if the sendme window was not empty.
696  * Return 0 otherwise.
697  */
698 int
700  streamid_t stream_id)
701 {
703  stream_id);
704 
705  if (!half)
706  return 0;
707 
708  if (half->sendmes_pending > 0) {
709  half->sendmes_pending--;
710  return 1;
711  }
712 
713  return 0;
714 }
715 
716 /**
717  * Check if this stream_id is in a half-closed state. If so, remove
718  * it from the list. No other data should come after the END cell.
719  *
720  * Return 1 if stream_id was in half-closed state.
721  * Return 0 otherwise.
722  */
723 int
725  streamid_t stream_id)
726 {
727  half_edge_t *half;
728  int found, remove_idx;
729 
730  if (!half_conns)
731  return 0;
732 
733  remove_idx = smartlist_bsearch_idx(half_conns, &stream_id,
735  &found);
736  if (!found)
737  return 0;
738 
739  half = smartlist_get(half_conns, remove_idx);
740  smartlist_del_keeporder(half_conns, remove_idx);
741  half_edge_free(half);
742  return 1;
743 }
744 
745 /**
746  * Streams that were used to send a RESOLVE cell are closed
747  * when they get the RESOLVED, without an end. So treat
748  * a RESOLVED just like an end, and remove from the list.
749  */
750 int
752  streamid_t stream_id)
753 {
754  return connection_half_edge_is_valid_end(half_conns, stream_id);
755 }
756 
757 /** An error has just occurred on an operation on an edge connection
758  * <b>conn</b>. Extract the errno; convert it to an end reason, and send an
759  * appropriate relay end cell to the other end of the connection's circuit.
760  **/
761 int
763 {
764  uint8_t reason;
765  tor_assert(conn);
766  reason = errno_to_stream_end_reason(tor_socket_errno(conn->base_.s));
767  return connection_edge_end(conn, reason);
768 }
769 
770 /** We just wrote some data to <b>conn</b>; act appropriately.
771  *
772  * (That is, if it's open, consider sending a stream-level sendme cell if we
773  * have just flushed enough.)
774  */
775 int
777 {
778  switch (conn->base_.state) {
779  case AP_CONN_STATE_OPEN:
780  if (! conn->base_.linked) {
782  }
783 
784  /* falls through. */
787  break;
788  }
789  return 0;
790 }
791 
792 /** Connection <b>conn</b> has finished writing and has no bytes left on
793  * its outbuf.
794  *
795  * If it's in state 'open', stop writing, consider responding with a
796  * sendme, and return.
797  * Otherwise, stop writing and return.
798  *
799  * If <b>conn</b> is broken, mark it for close and return -1, else
800  * return 0.
801  */
802 int
804 {
805  tor_assert(conn);
806 
807  switch (conn->base_.state) {
808  case AP_CONN_STATE_OPEN:
811  return 0;
820  return 0;
821  default:
822  log_warn(LD_BUG, "Called in unexpected state %d.",conn->base_.state);
824  return -1;
825  }
826  return 0;
827 }
828 
829 /** Longest size for the relay payload of a RELAY_CONNECTED cell that we're
830  * able to generate. */
831 /* 4 zero bytes; 1 type byte; 16 byte IPv6 address; 4 byte TTL. */
832 #define MAX_CONNECTED_CELL_PAYLOAD_LEN 25
833 
834 /** Set the buffer at <b>payload_out</b> -- which must have at least
835  * MAX_CONNECTED_CELL_PAYLOAD_LEN bytes available -- to the body of a
836  * RELAY_CONNECTED cell indicating that we have connected to <b>addr</b>, and
837  * that the name resolution that led us to <b>addr</b> will be valid for
838  * <b>ttl</b> seconds. Return -1 on error, or the number of bytes used on
839  * success. */
840 STATIC int
841 connected_cell_format_payload(uint8_t *payload_out,
842  const tor_addr_t *addr,
843  uint32_t ttl)
844 {
845  const sa_family_t family = tor_addr_family(addr);
846  int connected_payload_len;
847 
848  /* should be needless */
849  memset(payload_out, 0, MAX_CONNECTED_CELL_PAYLOAD_LEN);
850 
851  if (family == AF_INET) {
852  set_uint32(payload_out, tor_addr_to_ipv4n(addr));
853  connected_payload_len = 4;
854  } else if (family == AF_INET6) {
855  set_uint32(payload_out, 0);
856  set_uint8(payload_out + 4, 6);
857  memcpy(payload_out + 5, tor_addr_to_in6_addr8(addr), 16);
858  connected_payload_len = 21;
859  } else {
860  return -1;
861  }
862 
863  set_uint32(payload_out + connected_payload_len, htonl(clip_dns_ttl(ttl)));
864  connected_payload_len += 4;
865 
866  tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);
867 
868  return connected_payload_len;
869 }
870 
871 /* This is an onion service client connection: Export the client circuit ID
872  * according to the HAProxy proxy protocol. */
873 STATIC void
874 export_hs_client_circuit_id(edge_connection_t *edge_conn,
875  hs_circuit_id_protocol_t protocol)
876 {
877  /* We only support HAProxy right now. */
878  if (protocol != HS_CIRCUIT_ID_PROTOCOL_HAPROXY)
879  return;
880 
881  char *buf = NULL;
882  const char dst_ipv6[] = "::1";
883  /* See RFC4193 regarding fc00::/7 */
884  const char src_ipv6_prefix[] = "fc00:dead:beef:4dad:";
885  uint16_t dst_port = 0;
886  uint16_t src_port = 1; /* default value */
887  uint32_t gid = 0; /* default value */
888 
889  /* Generate a GID and source port for this client */
890  if (edge_conn->on_circuit != NULL) {
892  src_port = gid & 0x0000ffff;
893  }
894 
895  /* Grab the original dest port from the hs ident */
896  if (edge_conn->hs_ident) {
897  dst_port = edge_conn->hs_ident->orig_virtual_port;
898  }
899 
900  /* Build the string */
901  tor_asprintf(&buf, "PROXY TCP6 %s:%x:%x %s %d %d\r\n",
902  src_ipv6_prefix,
903  gid >> 16, gid & 0x0000ffff,
904  dst_ipv6, src_port, dst_port);
905 
906  connection_buf_add(buf, strlen(buf), TO_CONN(edge_conn));
907 
908  tor_free(buf);
909 }
910 
911 /** Connected handler for exit connections: start writing pending
912  * data, deliver 'CONNECTED' relay cells as appropriate, and check
913  * any pending data that may have been received. */
914 int
916 {
917  connection_t *conn;
918 
919  tor_assert(edge_conn);
920  tor_assert(edge_conn->base_.type == CONN_TYPE_EXIT);
921  conn = TO_CONN(edge_conn);
923 
924  log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.",
925  escaped_safe_str(conn->address), conn->port,
926  safe_str(fmt_and_decorate_addr(&conn->addr)));
927 
929 
930  conn->state = EXIT_CONN_STATE_OPEN;
931 
932  connection_watch_events(conn, READ_EVENT); /* stop writing, keep reading */
933  if (connection_get_outbuf_len(conn)) /* in case there are any queued relay
934  * cells */
936  /* deliver a 'connected' relay cell back through the circuit. */
937  if (connection_edge_is_rendezvous_stream(edge_conn)) {
938  if (connection_edge_send_command(edge_conn,
939  RELAY_COMMAND_CONNECTED, NULL, 0) < 0)
940  return 0; /* circuit is closed, don't continue */
941  } else {
942  uint8_t connected_payload[MAX_CONNECTED_CELL_PAYLOAD_LEN];
943  int connected_payload_len =
944  connected_cell_format_payload(connected_payload, &conn->addr,
945  edge_conn->address_ttl);
946  if (connected_payload_len < 0)
947  return -1;
948 
949  if (connection_edge_send_command(edge_conn,
950  RELAY_COMMAND_CONNECTED,
951  (char*)connected_payload, connected_payload_len) < 0)
952  return 0; /* circuit is closed, don't continue */
953  }
954  tor_assert(edge_conn->package_window > 0);
955  /* in case the server has written anything */
956  return connection_edge_process_inbuf(edge_conn, 1);
957 }
958 
959 /** A list of all the entry_connection_t * objects that are not marked
960  * for close, and are in AP_CONN_STATE_CIRCUIT_WAIT.
961  *
962  * (Right now, we check in several places to make sure that this list is
963  * correct. When it's incorrect, we'll fix it, and log a BUG message.)
964  */
966 
967 static int untried_pending_connections = 0;
968 
969 /**
970  * Mainloop event to tell us to scan for pending connections that can
971  * be attached.
972  */
974 
975 /** Common code to connection_(ap|exit)_about_to_close. */
976 static void
978 {
979  if (!edge_conn->edge_has_sent_end) {
980  connection_t *conn = TO_CONN(edge_conn);
981  log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) "
982  "hasn't sent end yet?",
985  }
986 }
987 
988 /** Called when we're about to finally unlink and free an AP (client)
989  * connection: perform necessary accounting and cleanup */
990 void
992 {
993  circuit_t *circ;
994  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
995  connection_t *conn = ENTRY_TO_CONN(entry_conn);
996 
998 
999  if (entry_conn->socks_request->has_finished == 0) {
1000  /* since conn gets removed right after this function finishes,
1001  * there's no point trying to send back a reply at this point. */
1002  log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending"
1003  " back a socks reply.",
1005  }
1006  if (!edge_conn->end_reason) {
1007  log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
1008  " set end_reason.",
1010  }
1011  if (entry_conn->dns_server_request) {
1012  log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
1013  " replied to DNS request.",
1015  dnsserv_reject_request(entry_conn);
1016  }
1017 
1018  if (TO_CONN(edge_conn)->state == AP_CONN_STATE_CIRCUIT_WAIT) {
1020  }
1021 
1022 #if 1
1023  /* Check to make sure that this isn't in pending_entry_connections if it
1024  * didn't actually belong there. */
1025  if (TO_CONN(edge_conn)->type == CONN_TYPE_AP) {
1026  connection_ap_warn_and_unmark_if_pending_circ(entry_conn,
1027  "about_to_close");
1028  }
1029 #endif /* 1 */
1030 
1031  control_event_stream_bandwidth(edge_conn);
1032  control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
1033  edge_conn->end_reason);
1034  circ = circuit_get_by_edge_conn(edge_conn);
1035  if (circ)
1036  circuit_detach_stream(circ, edge_conn);
1037 }
1038 
1039 /** Called when we're about to finally unlink and free an exit
1040  * connection: perform necessary accounting and cleanup */
1041 void
1043 {
1044  circuit_t *circ;
1045  connection_t *conn = TO_CONN(edge_conn);
1046 
1047  connection_edge_about_to_close(edge_conn);
1048 
1049  circ = circuit_get_by_edge_conn(edge_conn);
1050  if (circ)
1051  circuit_detach_stream(circ, edge_conn);
1052  if (conn->state == EXIT_CONN_STATE_RESOLVING) {
1053  connection_dns_remove(edge_conn);
1054  }
1055 }
1056 
1057 /** Define a schedule for how long to wait between retrying
1058  * application connections. Rather than waiting a fixed amount of
1059  * time between each retry, we wait 10 seconds each for the first
1060  * two tries, and 15 seconds for each retry after
1061  * that. Hopefully this will improve the expected user experience. */
1062 static int
1064 {
1065  int timeout = get_options()->CircuitStreamTimeout;
1066  if (timeout) /* if our config options override the default, use them */
1067  return timeout;
1068  if (conn->num_socks_retries < 2) /* try 0 and try 1 */
1069  return 10;
1070  return 15;
1071 }
1072 
1073 /** Find all general-purpose AP streams waiting for a response that sent their
1074  * begin/resolve cell too long ago. Detach from their current circuit, and
1075  * mark their current circuit as unsuitable for new streams. Then call
1076  * connection_ap_handshake_attach_circuit() to attach to a new circuit (if
1077  * available) or launch a new one.
1078  *
1079  * For rendezvous streams, simply give up after SocksTimeout seconds (with no
1080  * retry attempt).
1081  */
1082 void
1084 {
1085  edge_connection_t *conn;
1086  entry_connection_t *entry_conn;
1087  circuit_t *circ;
1088  time_t now = time(NULL);
1089  const or_options_t *options = get_options();
1090  int severity;
1091  int cutoff;
1092  int seconds_idle, seconds_since_born;
1093  smartlist_t *conns = get_connection_array();
1094 
1095  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
1096  if (base_conn->type != CONN_TYPE_AP || base_conn->marked_for_close)
1097  continue;
1098  entry_conn = TO_ENTRY_CONN(base_conn);
1099  conn = ENTRY_TO_EDGE_CONN(entry_conn);
1100  /* if it's an internal linked connection, don't yell its status. */
1101  severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port)
1102  ? LOG_INFO : LOG_NOTICE;
1103  seconds_idle = (int)( now - base_conn->timestamp_last_read_allowed );
1104  seconds_since_born = (int)( now - base_conn->timestamp_created );
1105 
1106  if (base_conn->state == AP_CONN_STATE_OPEN)
1107  continue;
1108 
1109  /* We already consider SocksTimeout in
1110  * connection_ap_handshake_attach_circuit(), but we need to consider
1111  * it here too because controllers that put streams in controller_wait
1112  * state never ask Tor to attach the circuit. */
1113  if (AP_CONN_STATE_IS_UNATTACHED(base_conn->state)) {
1114  if (seconds_since_born >= options->SocksTimeout) {
1115  log_fn(severity, LD_APP,
1116  "Tried for %d seconds to get a connection to %s:%d. "
1117  "Giving up. (%s)",
1118  seconds_since_born,
1119  safe_str_client(entry_conn->socks_request->address),
1120  entry_conn->socks_request->port,
1121  conn_state_to_string(CONN_TYPE_AP, base_conn->state));
1122  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1123  }
1124  continue;
1125  }
1126 
1127  /* We're in state connect_wait or resolve_wait now -- waiting for a
1128  * reply to our relay cell. See if we want to retry/give up. */
1129 
1130  cutoff = compute_retry_timeout(entry_conn);
1131  if (seconds_idle < cutoff)
1132  continue;
1133  circ = circuit_get_by_edge_conn(conn);
1134  if (!circ) { /* it's vanished? */
1135  log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
1136  safe_str_client(entry_conn->socks_request->address));
1137  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1138  continue;
1139  }
1140  if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
1141  if (seconds_idle >= options->SocksTimeout) {
1142  log_fn(severity, LD_REND,
1143  "Rend stream is %d seconds late. Giving up on address"
1144  " '%s.onion'.",
1145  seconds_idle,
1146  safe_str_client(entry_conn->socks_request->address));
1147  /* Roll back path bias use state so that we probe the circuit
1148  * if nothing else succeeds on it */
1150 
1151  connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
1152  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1153  }
1154  continue;
1155  }
1156 
1157  if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
1162  log_warn(LD_BUG, "circuit->purpose == CIRCUIT_PURPOSE_C_GENERAL failed. "
1163  "The purpose on the circuit was %s; it was in state %s, "
1164  "path_state %s.",
1167  CIRCUIT_IS_ORIGIN(circ) ?
1168  pathbias_state_to_string(TO_ORIGIN_CIRCUIT(circ)->path_state) :
1169  "none");
1170  }
1171  log_fn(cutoff < 15 ? LOG_INFO : severity, LD_APP,
1172  "We tried for %d seconds to connect to '%s' using exit %s."
1173  " Retrying on a new circuit.",
1174  seconds_idle,
1175  safe_str_client(entry_conn->socks_request->address),
1176  conn->cpath_layer ?
1178  "*unnamed*");
1179  /* send an end down the circuit */
1180  connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
1181  /* un-mark it as ending, since we're going to reuse it */
1182  conn->edge_has_sent_end = 0;
1183  conn->end_reason = 0;
1184  /* make us not try this circuit again, but allow
1185  * current streams on it to survive if they can */
1187 
1188  /* give our stream another 'cutoff' seconds to try */
1189  conn->base_.timestamp_last_read_allowed += cutoff;
1190  if (entry_conn->num_socks_retries < 250) /* avoid overflow */
1191  entry_conn->num_socks_retries++;
1192  /* move it back into 'pending' state, and try to attach. */
1193  if (connection_ap_detach_retriable(entry_conn, TO_ORIGIN_CIRCUIT(circ),
1194  END_STREAM_REASON_TIMEOUT)<0) {
1195  if (!base_conn->marked_for_close)
1196  connection_mark_unattached_ap(entry_conn,
1198  }
1199  } SMARTLIST_FOREACH_END(base_conn);
1200 }
1201 
1202 /**
1203  * As connection_ap_attach_pending, but first scans the entire connection
1204  * array to see if any elements are missing.
1205  */
1206 void
1208 {
1209  entry_connection_t *entry_conn;
1210  smartlist_t *conns = get_connection_array();
1211 
1212  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
1214 
1215  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1216  if (conn->marked_for_close ||
1217  conn->type != CONN_TYPE_AP ||
1218  conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
1219  continue;
1220 
1221  entry_conn = TO_ENTRY_CONN(conn);
1222  tor_assert(entry_conn);
1223  if (! smartlist_contains(pending_entry_connections, entry_conn)) {
1224  log_warn(LD_BUG, "Found a connection %p that was supposed to be "
1225  "in pending_entry_connections, but wasn't. No worries; "
1226  "adding it.",
1228  untried_pending_connections = 1;
1229  connection_ap_mark_as_pending_circuit(entry_conn);
1230  }
1231 
1232  } SMARTLIST_FOREACH_END(conn);
1233 
1235 }
1236 
1237 #ifdef DEBUGGING_17659
1238 #define UNMARK() do { \
1239  entry_conn->marked_pending_circ_line = 0; \
1240  entry_conn->marked_pending_circ_file = 0; \
1241  } while (0)
1242 #else /* !defined(DEBUGGING_17659) */
1243 #define UNMARK() do { } while (0)
1244 #endif /* defined(DEBUGGING_17659) */
1245 
1246 /** Tell any AP streams that are listed as waiting for a new circuit to try
1247  * again. If there is an available circuit for a stream, attach it. Otherwise,
1248  * launch a new circuit.
1249  *
1250  * If <b>retry</b> is false, only check the list if it contains at least one
1251  * streams that we have not yet tried to attach to a circuit.
1252  */
1253 void
1255 {
1256  if (PREDICT_UNLIKELY(!pending_entry_connections)) {
1257  return;
1258  }
1259 
1260  if (untried_pending_connections == 0 && !retry)
1261  return;
1262 
1263  /* Don't allow any modifications to list while we are iterating over
1264  * it. We'll put streams back on this list if we can't attach them
1265  * immediately. */
1268 
1269  SMARTLIST_FOREACH_BEGIN(pending,
1270  entry_connection_t *, entry_conn) {
1271  connection_t *conn = ENTRY_TO_CONN(entry_conn);
1272  tor_assert(conn && entry_conn);
1273  if (conn->marked_for_close) {
1274  UNMARK();
1275  continue;
1276  }
1277  if (conn->magic != ENTRY_CONNECTION_MAGIC) {
1278  log_warn(LD_BUG, "%p has impossible magic value %u.",
1279  entry_conn, (unsigned)conn->magic);
1280  UNMARK();
1281  continue;
1282  }
1283  if (conn->state != AP_CONN_STATE_CIRCUIT_WAIT) {
1284  log_warn(LD_BUG, "%p is no longer in circuit_wait. Its current state "
1285  "is %s. Why is it on pending_entry_connections?",
1286  entry_conn,
1287  conn_state_to_string(conn->type, conn->state));
1288  UNMARK();
1289  continue;
1290  }
1291 
1292  /* Okay, we're through the sanity checks. Try to handle this stream. */
1293  if (connection_ap_handshake_attach_circuit(entry_conn) < 0) {
1294  if (!conn->marked_for_close)
1295  connection_mark_unattached_ap(entry_conn,
1297  }
1298 
1299  if (! conn->marked_for_close &&
1300  conn->type == CONN_TYPE_AP &&
1301  conn->state == AP_CONN_STATE_CIRCUIT_WAIT) {
1302  /* Is it still waiting for a circuit? If so, we didn't attach it,
1303  * so it's still pending. Put it back on the list.
1304  */
1305  if (!smartlist_contains(pending_entry_connections, entry_conn)) {
1307  continue;
1308  }
1309  }
1310 
1311  /* If we got here, then we either closed the connection, or
1312  * we attached it. */
1313  UNMARK();
1314  } SMARTLIST_FOREACH_END(entry_conn);
1315 
1316  smartlist_free(pending);
1317  untried_pending_connections = 0;
1318 }
1319 
1320 static void
1321 attach_pending_entry_connections_cb(mainloop_event_t *ev, void *arg)
1322 {
1323  (void)ev;
1324  (void)arg;
1326 }
1327 
1328 /** Mark <b>entry_conn</b> as needing to get attached to a circuit.
1329  *
1330  * And <b>entry_conn</b> must be in AP_CONN_STATE_CIRCUIT_WAIT,
1331  * should not already be pending a circuit. The circuit will get
1332  * launched or the connection will get attached the next time we
1333  * call connection_ap_attach_pending().
1334  */
1335 void
1337  const char *fname, int lineno)
1338 {
1339  connection_t *conn = ENTRY_TO_CONN(entry_conn);
1341  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
1342  if (conn->marked_for_close)
1343  return;
1344 
1345  if (PREDICT_UNLIKELY(NULL == pending_entry_connections)) {
1347  }
1348  if (PREDICT_UNLIKELY(NULL == attach_pending_entry_connections_ev)) {
1350  attach_pending_entry_connections_cb, NULL);
1351  }
1352  if (PREDICT_UNLIKELY(smartlist_contains(pending_entry_connections,
1353  entry_conn))) {
1354  log_warn(LD_BUG, "What?? pending_entry_connections already contains %p! "
1355  "(Called from %s:%d.)",
1356  entry_conn, fname, lineno);
1357 #ifdef DEBUGGING_17659
1358  const char *f2 = entry_conn->marked_pending_circ_file;
1359  log_warn(LD_BUG, "(Previously called from %s:%d.)\n",
1360  f2 ? f2 : "<NULL>",
1361  entry_conn->marked_pending_circ_line);
1362 #endif /* defined(DEBUGGING_17659) */
1363  log_backtrace(LOG_WARN, LD_BUG, "To debug, this may help");
1364  return;
1365  }
1366 
1367 #ifdef DEBUGGING_17659
1368  entry_conn->marked_pending_circ_line = (uint16_t) lineno;
1369  entry_conn->marked_pending_circ_file = fname;
1370 #endif
1371 
1372  untried_pending_connections = 1;
1374 
1376 }
1377 
1378 /** Mark <b>entry_conn</b> as no longer waiting for a circuit. */
1379 void
1381 {
1382  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
1383  return;
1384  UNMARK();
1386 }
1387 
1388 /** Mark <b>entry_conn</b> as waiting for a rendezvous descriptor. This
1389  * function will remove the entry connection from the waiting for a circuit
1390  * list (pending_entry_connections).
1391  *
1392  * This pattern is used across the code base because a connection in state
1393  * AP_CONN_STATE_RENDDESC_WAIT must not be in the pending list. */
1394 void
1396 {
1397  tor_assert(entry_conn);
1398 
1400  ENTRY_TO_CONN(entry_conn)->state = AP_CONN_STATE_RENDDESC_WAIT;
1401 }
1402 
1403 /* DOCDOC */
1404 void
1405 connection_ap_warn_and_unmark_if_pending_circ(entry_connection_t *entry_conn,
1406  const char *where)
1407 {
1410  log_warn(LD_BUG, "What was %p doing in pending_entry_connections in %s?",
1411  entry_conn, where);
1413  }
1414 }
1415 
1416 /** Tell any AP streams that are waiting for a one-hop tunnel to
1417  * <b>failed_digest</b> that they are going to fail. */
1418 /* XXXX We should get rid of this function, and instead attach
1419  * one-hop streams to circ->p_streams so they get marked in
1420  * circuit_mark_for_close like normal p_streams. */
1421 void
1422 connection_ap_fail_onehop(const char *failed_digest,
1423  cpath_build_state_t *build_state)
1424 {
1425  entry_connection_t *entry_conn;
1426  char digest[DIGEST_LEN];
1427  smartlist_t *conns = get_connection_array();
1428  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1429  if (conn->marked_for_close ||
1430  conn->type != CONN_TYPE_AP ||
1431  conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
1432  continue;
1433  entry_conn = TO_ENTRY_CONN(conn);
1434  if (!entry_conn->want_onehop)
1435  continue;
1436  if (hexdigest_to_digest(entry_conn->chosen_exit_name, digest) < 0 ||
1437  tor_memneq(digest, failed_digest, DIGEST_LEN))
1438  continue;
1439  if (tor_digest_is_zero(digest)) {
1440  /* we don't know the digest; have to compare addr:port */
1441  tor_addr_t addr;
1442  if (!build_state || !build_state->chosen_exit ||
1443  !entry_conn->socks_request) {
1444  continue;
1445  }
1446  if (tor_addr_parse(&addr, entry_conn->socks_request->address)<0 ||
1447  !tor_addr_eq(&build_state->chosen_exit->addr, &addr) ||
1448  build_state->chosen_exit->port != entry_conn->socks_request->port)
1449  continue;
1450  }
1451  log_info(LD_APP, "Closing one-hop stream to '%s/%s' because the OR conn "
1452  "just failed.", entry_conn->chosen_exit_name,
1453  entry_conn->socks_request->address);
1454  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1455  } SMARTLIST_FOREACH_END(conn);
1456 }
1457 
1458 /** A circuit failed to finish on its last hop <b>info</b>. If there
1459  * are any streams waiting with this exit node in mind, but they
1460  * don't absolutely require it, make them give up on it.
1461  */
1462 void
1464 {
1465  entry_connection_t *entry_conn;
1466  const node_t *r1, *r2;
1467 
1468  smartlist_t *conns = get_connection_array();
1469  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1470  if (conn->marked_for_close ||
1471  conn->type != CONN_TYPE_AP ||
1472  conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
1473  continue;
1474  entry_conn = TO_ENTRY_CONN(conn);
1475  if (!entry_conn->chosen_exit_optional &&
1476  !entry_conn->chosen_exit_retries)
1477  continue;
1478  r1 = node_get_by_nickname(entry_conn->chosen_exit_name,
1479  NNF_NO_WARN_UNNAMED);
1480  r2 = node_get_by_id(info->identity_digest);
1481  if (!r1 || !r2 || r1 != r2)
1482  continue;
1483  tor_assert(entry_conn->socks_request);
1484  if (entry_conn->chosen_exit_optional) {
1485  log_info(LD_APP, "Giving up on enclave exit '%s' for destination %s.",
1486  safe_str_client(entry_conn->chosen_exit_name),
1488  entry_conn->chosen_exit_optional = 0;
1489  tor_free(entry_conn->chosen_exit_name); /* clears it */
1490  /* if this port is dangerous, warn or reject it now that we don't
1491  * think it'll be using an enclave. */
1492  consider_plaintext_ports(entry_conn, entry_conn->socks_request->port);
1493  }
1494  if (entry_conn->chosen_exit_retries) {
1495  if (--entry_conn->chosen_exit_retries == 0) { /* give up! */
1497  tor_free(entry_conn->chosen_exit_name); /* clears it */
1498  /* if this port is dangerous, warn or reject it now that we don't
1499  * think it'll be using an enclave. */
1500  consider_plaintext_ports(entry_conn, entry_conn->socks_request->port);
1501  }
1502  }
1503  } SMARTLIST_FOREACH_END(conn);
1504 }
1505 
1506 /** The AP connection <b>conn</b> has just failed while attaching or
1507  * sending a BEGIN or resolving on <b>circ</b>, but another circuit
1508  * might work. Detach the circuit, and either reattach it, launch a
1509  * new circuit, tell the controller, or give up as appropriate.
1510  *
1511  * Returns -1 on err, 1 on success, 0 on not-yet-sure.
1512  */
1513 int
1515  origin_circuit_t *circ,
1516  int reason)
1517 {
1518  control_event_stream_status(conn, STREAM_EVENT_FAILED_RETRIABLE, reason);
1519  ENTRY_TO_CONN(conn)->timestamp_last_read_allowed = time(NULL);
1520 
1521  /* Roll back path bias use state so that we probe the circuit
1522  * if nothing else succeeds on it */
1524 
1525  if (conn->pending_optimistic_data) {
1526  buf_set_to_copy(&conn->sending_optimistic_data,
1527  conn->pending_optimistic_data);
1528  }
1529 
1530  if (!get_options()->LeaveStreamsUnattached || conn->use_begindir) {
1531  /* If we're attaching streams ourself, or if this connection is
1532  * a tunneled directory connection, then just attach it. */
1535  connection_ap_mark_as_pending_circuit(conn);
1536  } else {
1537  CONNECTION_AP_EXPECT_NONPENDING(conn);
1540  }
1541  return 0;
1542 }
1543 
1544 /** Check if <b>conn</b> is using a dangerous port. Then warn and/or
1545  * reject depending on our config options. */
1546 static int
1548 {
1549  const or_options_t *options = get_options();
1550  int reject = smartlist_contains_int_as_string(
1551  options->RejectPlaintextPorts, port);
1552 
1554  log_warn(LD_APP, "Application request to port %d: this port is "
1555  "commonly used for unencrypted protocols. Please make sure "
1556  "you don't send anything you would mind the rest of the "
1557  "Internet reading!%s", port, reject ? " Closing." : "");
1558  control_event_client_status(LOG_WARN, "DANGEROUS_PORT PORT=%d RESULT=%s",
1559  port, reject ? "REJECT" : "WARN");
1560  }
1561 
1562  if (reject) {
1563  log_info(LD_APP, "Port %d listed in RejectPlaintextPorts. Closing.", port);
1564  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
1565  return -1;
1566  }
1567 
1568  return 0;
1569 }
1570 
1571 /** Parse the given hostname in address. Returns true if the parsing was
1572  * successful and type_out contains the type of the hostname. Else, false is
1573  * returned which means it was not recognized and type_out is set to
1574  * BAD_HOSTNAME.
1575  *
1576  * The possible recognized forms are (where true is returned):
1577  *
1578  * If address is of the form "y.onion" with a well-formed handle y:
1579  * Put a NUL after y, lower-case it, and return ONION_V2_HOSTNAME or
1580  * ONION_V3_HOSTNAME depending on the HS version.
1581  *
1582  * If address is of the form "x.y.onion" with a well-formed handle x:
1583  * Drop "x.", put a NUL after y, lower-case it, and return
1584  * ONION_V2_HOSTNAME or ONION_V3_HOSTNAME depending on the HS version.
1585  *
1586  * If address is of the form "y.onion" with a badly-formed handle y:
1587  * Return BAD_HOSTNAME and log a message.
1588  *
1589  * If address is of the form "y.exit":
1590  * Put a NUL after y and return EXIT_HOSTNAME.
1591  *
1592  * Otherwise:
1593  * Return NORMAL_HOSTNAME and change nothing.
1594  */
1595 STATIC bool
1596 parse_extended_hostname(char *address, hostname_type_t *type_out)
1597 {
1598  char *s;
1599  char *q;
1600  char query[HS_SERVICE_ADDR_LEN_BASE32+1];
1601 
1602  s = strrchr(address,'.');
1603  if (!s) {
1604  *type_out = NORMAL_HOSTNAME; /* no dot, thus normal */
1605  goto success;
1606  }
1607  if (!strcmp(s+1,"exit")) {
1608  *s = 0; /* NUL-terminate it */
1609  *type_out = EXIT_HOSTNAME; /* .exit */
1610  goto success;
1611  }
1612  if (strcmp(s+1,"onion")) {
1613  *type_out = NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */
1614  goto success;
1615  }
1616 
1617  /* so it is .onion */
1618  *s = 0; /* NUL-terminate it */
1619  /* locate a 'sub-domain' component, in order to remove it */
1620  q = strrchr(address, '.');
1621  if (q == address) {
1622  *type_out = BAD_HOSTNAME;
1623  goto failed; /* reject sub-domain, as DNS does */
1624  }
1625  q = (NULL == q) ? address : q + 1;
1626  if (strlcpy(query, q, HS_SERVICE_ADDR_LEN_BASE32+1) >=
1628  *type_out = BAD_HOSTNAME;
1629  goto failed;
1630  }
1631  if (q != address) {
1632  memmove(address, q, strlen(q) + 1 /* also get \0 */);
1633  }
1634  /* v2 onion address check. */
1635  if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
1636  *type_out = ONION_V2_HOSTNAME;
1637  if (rend_valid_v2_service_id(query)) {
1638  goto success;
1639  }
1640  goto failed;
1641  }
1642 
1643  /* v3 onion address check. */
1644  if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) {
1645  *type_out = ONION_V3_HOSTNAME;
1646  if (hs_address_is_valid(query)) {
1647  goto success;
1648  }
1649  goto failed;
1650  }
1651 
1652  /* Reaching this point, nothing was recognized. */
1653  *type_out = BAD_HOSTNAME;
1654  goto failed;
1655 
1656  success:
1657  return true;
1658  failed:
1659  /* otherwise, return to previous state and return 0 */
1660  *s = '.';
1661  log_warn(LD_APP, "Invalid %shostname %s; rejecting",
1662  (*type_out == (ONION_V2_HOSTNAME || ONION_V3_HOSTNAME) ? "onion " : ""),
1663  safe_str_client(address));
1664  return false;
1665 }
1666 
1667 /** How many times do we try connecting with an exit configured via
1668  * TrackHostExits before concluding that it won't work any more and trying a
1669  * different one? */
1670 #define TRACKHOSTEXITS_RETRIES 5
1671 
1672 /** Call connection_ap_handshake_rewrite_and_attach() unless a controller
1673  * asked us to leave streams unattached. Return 0 in that case.
1674  *
1675  * See connection_ap_handshake_rewrite_and_attach()'s
1676  * documentation for arguments and return value.
1677  */
1678 MOCK_IMPL(int,
1680  origin_circuit_t *circ,
1681  crypt_path_t *cpath))
1682 {
1683  const or_options_t *options = get_options();
1684 
1685  if (options->LeaveStreamsUnattached) {
1686  CONNECTION_AP_EXPECT_NONPENDING(conn);
1688  return 0;
1689  }
1690  return connection_ap_handshake_rewrite_and_attach(conn, circ, cpath);
1691 }
1692 
1693 /* Try to perform any map-based rewriting of the target address in
1694  * <b>conn</b>, filling in the fields of <b>out</b> as we go, and modifying
1695  * conn->socks_request.address as appropriate.
1696  */
1697 STATIC void
1698 connection_ap_handshake_rewrite(entry_connection_t *conn,
1699  rewrite_result_t *out)
1700 {
1701  socks_request_t *socks = conn->socks_request;
1702  const or_options_t *options = get_options();
1703  tor_addr_t addr_tmp;
1704 
1705  /* Initialize all the fields of 'out' to reasonable defaults */
1706  out->automap = 0;
1707  out->exit_source = ADDRMAPSRC_NONE;
1708  out->map_expires = TIME_MAX;
1709  out->end_reason = 0;
1710  out->should_close = 0;
1711  out->orig_address[0] = 0;
1712 
1713  /* We convert all incoming addresses to lowercase. */
1714  tor_strlower(socks->address);
1715  /* Remember the original address. */
1716  strlcpy(out->orig_address, socks->address, sizeof(out->orig_address));
1717  log_debug(LD_APP,"Client asked for %s:%d",
1718  safe_str_client(socks->address),
1719  socks->port);
1720 
1721  /* Check for whether this is a .exit address. By default, those are
1722  * disallowed when they're coming straight from the client, but you're
1723  * allowed to have them in MapAddress commands and so forth. */
1724  if (!strcmpend(socks->address, ".exit")) {
1725  static ratelim_t exit_warning_limit = RATELIM_INIT(60*15);
1726  log_fn_ratelim(&exit_warning_limit, LOG_WARN, LD_APP,
1727  "The \".exit\" notation is disabled in Tor due to "
1728  "security risks.");
1729  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
1730  escaped(socks->address));
1731  out->end_reason = END_STREAM_REASON_TORPROTOCOL;
1732  out->should_close = 1;
1733  return;
1734  }
1735 
1736  /* Remember the original address so we can tell the user about what
1737  * they actually said, not just what it turned into. */
1738  /* XXX yes, this is the same as out->orig_address above. One is
1739  * in the output, and one is in the connection. */
1740  if (! conn->original_dest_address) {
1741  /* Is the 'if' necessary here? XXXX */
1742  conn->original_dest_address = tor_strdup(conn->socks_request->address);
1743  }
1744 
1745  /* First, apply MapAddress and MAPADDRESS mappings. We need to do
1746  * these only for non-reverse lookups, since they don't exist for those.
1747  * We also need to do this before we consider automapping, since we might
1748  * e.g. resolve irc.oftc.net into irconionaddress.onion, at which point
1749  * we'd need to automap it. */
1750  if (socks->command != SOCKS_COMMAND_RESOLVE_PTR) {
1751  const unsigned rewrite_flags = AMR_FLAG_USE_MAPADDRESS;
1752  if (addressmap_rewrite(socks->address, sizeof(socks->address),
1753  rewrite_flags, &out->map_expires, &out->exit_source)) {
1754  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1756  }
1757  }
1758 
1759  /* Now see if we need to create or return an existing Hostname->IP
1760  * automapping. Automapping happens when we're asked to resolve a
1761  * hostname, and AutomapHostsOnResolve is set, and the hostname has a
1762  * suffix listed in AutomapHostsSuffixes. It's a handy feature
1763  * that lets you have Tor assign e.g. IPv6 addresses for .onion
1764  * names, and return them safely from DNSPort.
1765  */
1766  if (socks->command == SOCKS_COMMAND_RESOLVE &&
1767  tor_addr_parse(&addr_tmp, socks->address)<0 &&
1768  options->AutomapHostsOnResolve) {
1769  /* Check the suffix... */
1770  out->automap = addressmap_address_should_automap(socks->address, options);
1771  if (out->automap) {
1772  /* If we get here, then we should apply an automapping for this. */
1773  const char *new_addr;
1774  /* We return an IPv4 address by default, or an IPv6 address if we
1775  * are allowed to do so. */
1776  int addr_type = RESOLVED_TYPE_IPV4;
1777  if (conn->socks_request->socks_version != 4) {
1778  if (!conn->entry_cfg.ipv4_traffic ||
1779  (conn->entry_cfg.ipv6_traffic && conn->entry_cfg.prefer_ipv6) ||
1780  conn->entry_cfg.prefer_ipv6_virtaddr)
1781  addr_type = RESOLVED_TYPE_IPV6;
1782  }
1783  /* Okay, register the target address as automapped, and find the new
1784  * address we're supposed to give as a resolve answer. (Return a cached
1785  * value if we've looked up this address before.
1786  */
1788  addr_type, tor_strdup(socks->address));
1789  if (! new_addr) {
1790  log_warn(LD_APP, "Unable to automap address %s",
1791  escaped_safe_str(socks->address));
1792  out->end_reason = END_STREAM_REASON_INTERNAL;
1793  out->should_close = 1;
1794  return;
1795  }
1796  log_info(LD_APP, "Automapping %s to %s",
1798  safe_str_client(new_addr));
1799  strlcpy(socks->address, new_addr, sizeof(socks->address));
1800  }
1801  }
1802 
1803  /* Now handle reverse lookups, if they're in the cache. This doesn't
1804  * happen too often, since client-side DNS caching is off by default,
1805  * and very deprecated. */
1806  if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
1807  unsigned rewrite_flags = 0;
1808  if (conn->entry_cfg.use_cached_ipv4_answers)
1809  rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
1810  if (conn->entry_cfg.use_cached_ipv6_answers)
1811  rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
1812 
1813  if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
1814  rewrite_flags, &out->map_expires)) {
1815  char *result = tor_strdup(socks->address);
1816  /* remember _what_ is supposed to have been resolved. */
1817  tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
1818  out->orig_address);
1819  connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME,
1820  strlen(result), (uint8_t*)result,
1821  -1,
1822  out->map_expires);
1823  tor_free(result);
1824  out->end_reason = END_STREAM_REASON_DONE |
1826  out->should_close = 1;
1827  return;
1828  }
1829 
1830  /* Hang on, did we find an answer saying that this is a reverse lookup for
1831  * an internal address? If so, we should reject it if we're configured to
1832  * do so. */
1833  if (options->ClientDNSRejectInternalAddresses) {
1834  /* Don't let clients try to do a reverse lookup on 10.0.0.1. */
1835  tor_addr_t addr;
1836  int ok;
1838  &addr, socks->address, AF_UNSPEC, 1);
1839  if (ok == 1 && tor_addr_is_internal(&addr, 0)) {
1840  connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
1841  0, NULL, -1, TIME_MAX);
1842  out->end_reason = END_STREAM_REASON_SOCKSPROTOCOL |
1844  out->should_close = 1;
1845  return;
1846  }
1847  }
1848  }
1849 
1850  /* If we didn't automap it before, then this is still the address that
1851  * came straight from the user, mapped according to any
1852  * MapAddress/MAPADDRESS commands. Now apply other mappings,
1853  * including previously registered Automap entries (IP back to
1854  * hostname), TrackHostExits entries, and client-side DNS cache
1855  * entries (if they're turned on).
1856  */
1857  if (socks->command != SOCKS_COMMAND_RESOLVE_PTR &&
1858  !out->automap) {
1859  unsigned rewrite_flags = AMR_FLAG_USE_AUTOMAP | AMR_FLAG_USE_TRACKEXIT;
1860  addressmap_entry_source_t exit_source2;
1861  if (conn->entry_cfg.use_cached_ipv4_answers)
1862  rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
1863  if (conn->entry_cfg.use_cached_ipv6_answers)
1864  rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
1865  if (addressmap_rewrite(socks->address, sizeof(socks->address),
1866  rewrite_flags, &out->map_expires, &exit_source2)) {
1867  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1869  }
1870  if (out->exit_source == ADDRMAPSRC_NONE) {
1871  /* If it wasn't a .exit before, maybe it turned into a .exit. Remember
1872  * the original source of a .exit. */
1873  out->exit_source = exit_source2;
1874  }
1875  }
1876 
1877  /* Check to see whether we're about to use an address in the virtual
1878  * range without actually having gotten it from an Automap. */
1879  if (!out->automap && address_is_in_virtual_range(socks->address)) {
1880  /* This address was probably handed out by
1881  * client_dns_get_unmapped_address, but the mapping was discarded for some
1882  * reason. Or the user typed in a virtual address range manually. We
1883  * *don't* want to send the address through Tor; that's likely to fail,
1884  * and may leak information.
1885  */
1886  log_warn(LD_APP,"Missing mapping for virtual address '%s'. Refusing.",
1887  safe_str_client(socks->address));
1888  out->end_reason = END_STREAM_REASON_INTERNAL;
1889  out->should_close = 1;
1890  return;
1891  }
1892 }
1893 
1894 /** We just received a SOCKS request in <b>conn</b> to an onion address of type
1895  * <b>addresstype</b>. Start connecting to the onion service. */
1896 static int
1898  socks_request_t *socks,
1899  origin_circuit_t *circ,
1900  hostname_type_t addresstype)
1901 {
1902  time_t now = approx_time();
1903  connection_t *base_conn = ENTRY_TO_CONN(conn);
1904 
1905  /* If .onion address requests are disabled, refuse the request */
1906  if (!conn->entry_cfg.onion_traffic) {
1907  log_warn(LD_APP, "Onion address %s requested from a port with .onion "
1908  "disabled", safe_str_client(socks->address));
1909  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
1910  return -1;
1911  }
1912 
1913  /* Check whether it's RESOLVE or RESOLVE_PTR. We don't handle those
1914  * for hidden service addresses. */
1915  if (SOCKS_COMMAND_IS_RESOLVE(socks->command)) {
1916  /* if it's a resolve request, fail it right now, rather than
1917  * building all the circuits and then realizing it won't work. */
1918  log_warn(LD_APP,
1919  "Resolve requests to hidden services not allowed. Failing.");
1920  connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,
1921  0,NULL,-1,TIME_MAX);
1922  connection_mark_unattached_ap(conn,
1925  return -1;
1926  }
1927 
1928  /* If we were passed a circuit, then we need to fail. .onion addresses
1929  * only work when we launch our own circuits for now. */
1930  if (circ) {
1931  log_warn(LD_CONTROL, "Attachstream to a circuit is not "
1932  "supported for .onion addresses currently. Failing.");
1933  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
1934  return -1;
1935  }
1936 
1937  /* Interface: Regardless of HS version after the block below we should have
1938  set onion_address, rend_cache_lookup_result, and descriptor_is_usable. */
1939  const char *onion_address = NULL;
1940  int rend_cache_lookup_result = -ENOENT;
1941  int descriptor_is_usable = 0;
1942 
1943  if (addresstype == ONION_V2_HOSTNAME) { /* it's a v2 hidden service */
1944  rend_cache_entry_t *entry = NULL;
1945  /* Look up if we have client authorization configured for this hidden
1946  * service. If we do, associate it with the rend_data. */
1947  rend_service_authorization_t *client_auth =
1949 
1950  const uint8_t *cookie = NULL;
1951  rend_auth_type_t auth_type = REND_NO_AUTH;
1952  if (client_auth) {
1953  log_info(LD_REND, "Using previously configured client authorization "
1954  "for hidden service request.");
1955  auth_type = client_auth->auth_type;
1956  cookie = client_auth->descriptor_cookie;
1957  }
1958 
1959  /* Fill in the rend_data field so we can start doing a connection to
1960  * a hidden service. */
1961  rend_data_t *rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data =
1962  rend_data_client_create(socks->address, NULL, (char *) cookie,
1963  auth_type);
1964  if (rend_data == NULL) {
1965  return -1;
1966  }
1967  onion_address = rend_data_get_address(rend_data);
1968  log_info(LD_REND,"Got a hidden service request for ID '%s'",
1969  safe_str_client(onion_address));
1970 
1971  rend_cache_lookup_result = rend_cache_lookup_entry(onion_address,-1,
1972  &entry);
1973  if (!rend_cache_lookup_result && entry) {
1974  descriptor_is_usable = rend_client_any_intro_points_usable(entry);
1975  }
1976  } else { /* it's a v3 hidden service */
1977  tor_assert(addresstype == ONION_V3_HOSTNAME);
1978  const hs_descriptor_t *cached_desc = NULL;
1979  int retval;
1980  /* Create HS conn identifier with HS pubkey */
1981  hs_ident_edge_conn_t *hs_conn_ident =
1982  tor_malloc_zero(sizeof(hs_ident_edge_conn_t));
1983 
1984  retval = hs_parse_address(socks->address, &hs_conn_ident->identity_pk,
1985  NULL, NULL);
1986  if (retval < 0) {
1987  log_warn(LD_GENERAL, "failed to parse hs address");
1988  tor_free(hs_conn_ident);
1989  return -1;
1990  }
1991  ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident;
1992 
1993  onion_address = socks->address;
1994 
1995  /* Check the v3 desc cache */
1996  cached_desc = hs_cache_lookup_as_client(&hs_conn_ident->identity_pk);
1997  if (cached_desc) {
1998  rend_cache_lookup_result = 0;
1999  descriptor_is_usable =
2001  cached_desc);
2002  log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
2003  (descriptor_is_usable) ? "usable" : "unusable",
2004  safe_str_client(onion_address),
2005  (descriptor_is_usable) ? "Not fetching." : "Refecting.");
2006  } else {
2007  rend_cache_lookup_result = -ENOENT;
2008  }
2009  }
2010 
2011  /* Lookup the given onion address. If invalid, stop right now.
2012  * Otherwise, we might have it in the cache or not. */
2013  unsigned int refetch_desc = 0;
2014  if (rend_cache_lookup_result < 0) {
2015  switch (-rend_cache_lookup_result) {
2016  case EINVAL:
2017  /* We should already have rejected this address! */
2018  log_warn(LD_BUG,"Invalid service name '%s'",
2019  safe_str_client(onion_address));
2020  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2021  return -1;
2022  case ENOENT:
2023  /* We didn't have this; we should look it up. */
2024  log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.",
2025  safe_str_client(onion_address));
2026  refetch_desc = 1;
2027  break;
2028  default:
2029  log_warn(LD_BUG, "Unknown cache lookup error %d",
2030  rend_cache_lookup_result);
2031  return -1;
2032  }
2033  }
2034 
2035  /* Help predict that we'll want to do hidden service circuits in the
2036  * future. We're not sure if it will need a stable circuit yet, but
2037  * we know we'll need *something*. */
2038  rep_hist_note_used_internal(now, 0, 1);
2039 
2040  /* Now we have a descriptor but is it usable or not? If not, refetch.
2041  * Also, a fetch could have been requested if the onion address was not
2042  * found in the cache previously. */
2043  if (refetch_desc || !descriptor_is_usable) {
2044  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
2046  base_conn->state = AP_CONN_STATE_RENDDESC_WAIT;
2047  if (addresstype == ONION_V2_HOSTNAME) {
2048  tor_assert(edge_conn->rend_data);
2050  /* Whatever the result of the refetch, we don't go further. */
2051  return 0;
2052  } else {
2053  tor_assert(addresstype == ONION_V3_HOSTNAME);
2054  tor_assert(edge_conn->hs_ident);
2055  /* Attempt to fetch the hsv3 descriptor. Check the retval to see how it
2056  * went and act accordingly. */
2057  int ret = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
2058  switch (ret) {
2060  /* Keeping the connection in descriptor wait state is fine because
2061  * once we get enough dirinfo or a new live consensus, the HS client
2062  * subsystem is notified and every connection in that state will
2063  * trigger a fetch for the service key. */
2067  return 0;
2068  case HS_CLIENT_FETCH_ERROR:
2071  /* Can't proceed further and better close the SOCKS request. */
2072  return -1;
2073  }
2074  }
2075  }
2076 
2077  /* We have the descriptor! So launch a connection to the HS. */
2078  log_info(LD_REND, "Descriptor is here. Great.");
2079 
2080  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
2081  /* We'll try to attach it at the next event loop, or whenever
2082  * we call connection_ap_attach_pending() */
2083  connection_ap_mark_as_pending_circuit(conn);
2084  return 0;
2085 }
2086 
2087 /** Connection <b>conn</b> just finished its socks handshake, or the
2088  * controller asked us to take care of it. If <b>circ</b> is defined,
2089  * then that's where we'll want to attach it. Otherwise we have to
2090  * figure it out ourselves.
2091  *
2092  * First, parse whether it's a .exit address, remap it, and so on. Then
2093  * if it's for a general circuit, try to attach it to a circuit (or launch
2094  * one as needed), else if it's for a rendezvous circuit, fetch a
2095  * rendezvous descriptor first (or attach/launch a circuit if the
2096  * rendezvous descriptor is already here and fresh enough).
2097  *
2098  * The stream will exit from the hop
2099  * indicated by <b>cpath</b>, or from the last hop in circ's cpath if
2100  * <b>cpath</b> is NULL.
2101  */
2102 int
2104  origin_circuit_t *circ,
2105  crypt_path_t *cpath)
2106 {
2107  socks_request_t *socks = conn->socks_request;
2108  const or_options_t *options = get_options();
2109  connection_t *base_conn = ENTRY_TO_CONN(conn);
2110  time_t now = time(NULL);
2111  rewrite_result_t rr;
2112 
2113  /* First we'll do the rewrite part. Let's see if we get a reasonable
2114  * answer.
2115  */
2116  memset(&rr, 0, sizeof(rr));
2117  connection_ap_handshake_rewrite(conn,&rr);
2118 
2119  if (rr.should_close) {
2120  /* connection_ap_handshake_rewrite told us to close the connection:
2121  * either because it sent back an answer, or because it sent back an
2122  * error */
2123  connection_mark_unattached_ap(conn, rr.end_reason);
2124  if (END_STREAM_REASON_DONE == (rr.end_reason & END_STREAM_REASON_MASK))
2125  return 0;
2126  else
2127  return -1;
2128  }
2129 
2130  const time_t map_expires = rr.map_expires;
2131  const int automap = rr.automap;
2132  const addressmap_entry_source_t exit_source = rr.exit_source;
2133 
2134  /* Now see whether the hostname is bogus. This could happen because of an
2135  * onion hostname whose format we don't recognize. */
2136  hostname_type_t addresstype;
2137  if (!parse_extended_hostname(socks->address, &addresstype)) {
2138  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2139  escaped(socks->address));
2140  if (addresstype == ONION_V3_HOSTNAME) {
2141  conn->socks_request->socks_extended_error_code = SOCKS5_HS_BAD_ADDRESS;
2142  }
2143  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2144  return -1;
2145  }
2146 
2147  /* If this is a .exit hostname, strip off the .name.exit part, and
2148  * see whether we're willing to connect there, and and otherwise handle the
2149  * .exit address.
2150  *
2151  * We'll set chosen_exit_name and/or close the connection as appropriate.
2152  */
2153  if (addresstype == EXIT_HOSTNAME) {
2154  /* If StrictNodes is not set, then .exit overrides ExcludeNodes but
2155  * not ExcludeExitNodes. */
2156  routerset_t *excludeset = options->StrictNodes ?
2157  options->ExcludeExitNodesUnion_ : options->ExcludeExitNodes;
2158  const node_t *node = NULL;
2159 
2160  /* If this .exit was added by an AUTOMAP, then it came straight from
2161  * a user. That's not safe. */
2162  if (exit_source == ADDRMAPSRC_AUTOMAP) {
2163  /* Whoops; this one is stale. It must have gotten added earlier?
2164  * (Probably this is not possible, since AllowDotExit no longer
2165  * exists.) */
2166  log_warn(LD_APP,"Stale automapped address for '%s.exit'. Refusing.",
2167  safe_str_client(socks->address));
2168  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2169  escaped(socks->address));
2170  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2171  tor_assert_nonfatal_unreached();
2172  return -1;
2173  }
2174 
2175  /* Double-check to make sure there are no .exits coming from
2176  * impossible/weird sources. */
2177  if (exit_source == ADDRMAPSRC_DNS || exit_source == ADDRMAPSRC_NONE) {
2178  /* It shouldn't be possible to get a .exit address from any of these
2179  * sources. */
2180  log_warn(LD_BUG,"Address '%s.exit', with impossible source for the "
2181  ".exit part. Refusing.",
2182  safe_str_client(socks->address));
2183  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2184  escaped(socks->address));
2185  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2186  return -1;
2187  }
2188 
2189  tor_assert(!automap);
2190 
2191  /* Now, find the character before the .(name) part.
2192  * (The ".exit" part got stripped off by "parse_extended_hostname").
2193  *
2194  * We're going to put the exit name into conn->chosen_exit_name, and
2195  * look up a node correspondingly. */
2196  char *s = strrchr(socks->address,'.');
2197  if (s) {
2198  /* The address was of the form "(stuff).(name).exit */
2199  if (s[1] != '\0') {
2200  /* Looks like a real .exit one. */
2201  conn->chosen_exit_name = tor_strdup(s+1);
2202  node = node_get_by_nickname(conn->chosen_exit_name, 0);
2203 
2204  if (exit_source == ADDRMAPSRC_TRACKEXIT) {
2205  /* We 5 tries before it expires the addressmap */
2207  }
2208  *s = 0;
2209  } else {
2210  /* Oops, the address was (stuff)..exit. That's not okay. */
2211  log_warn(LD_APP,"Malformed exit address '%s.exit'. Refusing.",
2212  safe_str_client(socks->address));
2213  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2214  escaped(socks->address));
2215  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2216  return -1;
2217  }
2218  } else {
2219  /* It looks like they just asked for "foo.exit". That's a special
2220  * form that means (foo's address).foo.exit. */
2221 
2222  conn->chosen_exit_name = tor_strdup(socks->address);
2223  node = node_get_by_nickname(conn->chosen_exit_name, 0);
2224  if (node) {
2225  *socks->address = 0;
2226  node_get_address_string(node, socks->address, sizeof(socks->address));
2227  }
2228  }
2229 
2230  /* Now make sure that the chosen exit exists... */
2231  if (!node) {
2232  log_warn(LD_APP,
2233  "Unrecognized relay in exit address '%s.exit'. Refusing.",
2234  safe_str_client(socks->address));
2235  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2236  return -1;
2237  }
2238  /* ...and make sure that it isn't excluded. */
2239  if (routerset_contains_node(excludeset, node)) {
2240  log_warn(LD_APP,
2241  "Excluded relay in exit address '%s.exit'. Refusing.",
2242  safe_str_client(socks->address));
2243  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2244  return -1;
2245  }
2246  /* XXXX-1090 Should we also allow foo.bar.exit if ExitNodes is set and
2247  Bar is not listed in it? I say yes, but our revised manpage branch
2248  implies no. */
2249  }
2250 
2251  /* Now, we handle everything that isn't a .onion address. */
2252  if (addresstype != ONION_V2_HOSTNAME && addresstype != ONION_V3_HOSTNAME) {
2253  /* Not a hidden-service request. It's either a hostname or an IP,
2254  * possibly with a .exit that we stripped off. We're going to check
2255  * if we're allowed to connect/resolve there, and then launch the
2256  * appropriate request. */
2257 
2258  /* Check for funny characters in the address. */
2259  if (address_is_invalid_destination(socks->address, 1)) {
2260  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2261  escaped(socks->address));
2262  log_warn(LD_APP,
2263  "Destination '%s' seems to be an invalid hostname. Failing.",
2264  safe_str_client(socks->address));
2265  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2266  return -1;
2267  }
2268 
2269  /* socks->address is a non-onion hostname or IP address.
2270  * If we can't do any non-onion requests, refuse the connection.
2271  * If we have a hostname but can't do DNS, refuse the connection.
2272  * If we have an IP address, but we can't use that address family,
2273  * refuse the connection.
2274  *
2275  * If we can do DNS requests, and we can use at least one address family,
2276  * then we have to resolve the address first. Then we'll know if it
2277  * resolves to a usable address family. */
2278 
2279  /* First, check if all non-onion traffic is disabled */
2280  if (!conn->entry_cfg.dns_request && !conn->entry_cfg.ipv4_traffic
2281  && !conn->entry_cfg.ipv6_traffic) {
2282  log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
2283  "or IP address %s because Port has OnionTrafficOnly set (or "
2284  "NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).",
2285  safe_str_client(socks->address));
2286  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2287  return -1;
2288  }
2289 
2290  /* Then check if we have a hostname or IP address, and whether DNS or
2291  * the IP address family are permitted. Reject if not. */
2292  tor_addr_t dummy_addr;
2293  int socks_family = tor_addr_parse(&dummy_addr, socks->address);
2294  /* family will be -1 for a non-onion hostname that's not an IP */
2295  if (socks_family == -1) {
2296  if (!conn->entry_cfg.dns_request) {
2297  log_warn(LD_APP, "Refusing to connect to hostname %s "
2298  "because Port has NoDNSRequest set.",
2299  safe_str_client(socks->address));
2300  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2301  return -1;
2302  }
2303  } else if (socks_family == AF_INET) {
2304  if (!conn->entry_cfg.ipv4_traffic) {
2305  log_warn(LD_APP, "Refusing to connect to IPv4 address %s because "
2306  "Port has NoIPv4Traffic set.",
2307  safe_str_client(socks->address));
2308  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2309  return -1;
2310  }
2311  } else if (socks_family == AF_INET6) {
2312  if (!conn->entry_cfg.ipv6_traffic) {
2313  log_warn(LD_APP, "Refusing to connect to IPv6 address %s because "
2314  "Port has NoIPv6Traffic set.",
2315  safe_str_client(socks->address));
2316  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2317  return -1;
2318  }
2319  } else {
2320  tor_assert_nonfatal_unreached_once();
2321  }
2322 
2323  /* See if this is a hostname lookup that we can answer immediately.
2324  * (For example, an attempt to look up the IP address for an IP address.)
2325  */
2326  if (socks->command == SOCKS_COMMAND_RESOLVE) {
2327  tor_addr_t answer;
2328  /* Reply to resolves immediately if we can. */
2329  if (tor_addr_parse(&answer, socks->address) >= 0) {/* is it an IP? */
2330  /* remember _what_ is supposed to have been resolved. */
2331  strlcpy(socks->address, rr.orig_address, sizeof(socks->address));
2333  map_expires);
2334  connection_mark_unattached_ap(conn,
2335  END_STREAM_REASON_DONE |
2337  return 0;
2338  }
2339  tor_assert(!automap);
2340  rep_hist_note_used_resolve(now); /* help predict this next time */
2341  } else if (socks->command == SOCKS_COMMAND_CONNECT) {
2342  /* Now see if this is a connect request that we can reject immediately */
2343 
2344  tor_assert(!automap);
2345  /* Don't allow connections to port 0. */
2346  if (socks->port == 0) {
2347  log_notice(LD_APP,"Application asked to connect to port 0. Refusing.");
2348  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2349  return -1;
2350  }
2351  /* You can't make connections to internal addresses, by default.
2352  * Exceptions are begindir requests (where the address is meaningless),
2353  * or cases where you've hand-configured a particular exit, thereby
2354  * making the local address meaningful. */
2355  if (options->ClientRejectInternalAddresses &&
2356  !conn->use_begindir && !conn->chosen_exit_name && !circ) {
2357  /* If we reach this point then we don't want to allow internal
2358  * addresses. Check if we got one. */
2359  tor_addr_t addr;
2360  if (tor_addr_hostname_is_local(socks->address) ||
2361  (tor_addr_parse(&addr, socks->address) >= 0 &&
2362  tor_addr_is_internal(&addr, 0))) {
2363  /* If this is an explicit private address with no chosen exit node,
2364  * then we really don't want to try to connect to it. That's
2365  * probably an error. */
2366  if (conn->is_transparent_ap) {
2367 #define WARN_INTRVL_LOOP 300
2368  static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTRVL_LOOP);
2369  char *m;
2370  if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
2371  log_warn(LD_NET,
2372  "Rejecting request for anonymous connection to private "
2373  "address %s on a TransPort or NATDPort. Possible loop "
2374  "in your NAT rules?%s", safe_str_client(socks->address),
2375  m);
2376  tor_free(m);
2377  }
2378  } else {
2379 #define WARN_INTRVL_PRIV 300
2380  static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTRVL_PRIV);
2381  char *m;
2382  if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
2383  log_warn(LD_NET,
2384  "Rejecting SOCKS request for anonymous connection to "
2385  "private address %s.%s",
2386  safe_str_client(socks->address),m);
2387  tor_free(m);
2388  }
2389  }
2390  connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
2391  return -1;
2392  }
2393  } /* end "if we should check for internal addresses" */
2394 
2395  /* Okay. We're still doing a CONNECT, and it wasn't a private
2396  * address. Here we do special handling for literal IP addresses,
2397  * to see if we should reject this preemptively, and to set up
2398  * fields in conn->entry_cfg to tell the exit what AF we want. */
2399  {
2400  tor_addr_t addr;
2401  /* XXX Duplicate call to tor_addr_parse. */
2402  if (tor_addr_parse(&addr, socks->address) >= 0) {
2403  /* If we reach this point, it's an IPv4 or an IPv6 address. */
2404  sa_family_t family = tor_addr_family(&addr);
2405 
2406  if ((family == AF_INET && ! conn->entry_cfg.ipv4_traffic) ||
2407  (family == AF_INET6 && ! conn->entry_cfg.ipv6_traffic)) {
2408  /* You can't do an IPv4 address on a v6-only socks listener,
2409  * or vice versa. */
2410  log_warn(LD_NET, "Rejecting SOCKS request for an IP address "
2411  "family that this listener does not support.");
2412  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2413  return -1;
2414  } else if (family == AF_INET6 && socks->socks_version == 4) {
2415  /* You can't make a socks4 request to an IPv6 address. Socks4
2416  * doesn't support that. */
2417  log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address.");
2418  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2419  return -1;
2420  } else if (socks->socks_version == 4 &&
2421  !conn->entry_cfg.ipv4_traffic) {
2422  /* You can't do any kind of Socks4 request when IPv4 is forbidden.
2423  *
2424  * XXX raise this check outside the enclosing block? */
2425  log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with "
2426  "no IPv4 traffic supported.");
2427  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2428  return -1;
2429  } else if (family == AF_INET6) {
2430  /* Tell the exit: we won't accept any ipv4 connection to an IPv6
2431  * address. */
2432  conn->entry_cfg.ipv4_traffic = 0;
2433  } else if (family == AF_INET) {
2434  /* Tell the exit: we won't accept any ipv6 connection to an IPv4
2435  * address. */
2436  conn->entry_cfg.ipv6_traffic = 0;
2437  }
2438  }
2439  }
2440 
2441  /* we never allow IPv6 answers on socks4. (TODO: Is this smart?) */
2442  if (socks->socks_version == 4)
2443  conn->entry_cfg.ipv6_traffic = 0;
2444 
2445  /* Still handling CONNECT. Now, check for exit enclaves. (Which we
2446  * don't do on BEGIN_DIR, or when there is a chosen exit.)
2447  *
2448  * TODO: Should we remove this? Exit enclaves are nutty and don't
2449  * work very well
2450  */
2451  if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
2452  /* see if we can find a suitable enclave exit */
2453  const node_t *r =
2455  if (r) {
2456  log_info(LD_APP,
2457  "Redirecting address %s to exit at enclave router %s",
2458  safe_str_client(socks->address), node_describe(r));
2459  /* use the hex digest, not nickname, in case there are two
2460  routers with this nickname */
2461  conn->chosen_exit_name =
2462  tor_strdup(hex_str(r->identity, DIGEST_LEN));
2463  conn->chosen_exit_optional = 1;
2464  }
2465  }
2466 
2467  /* Still handling CONNECT: warn or reject if it's using a dangerous
2468  * port. */
2469  if (!conn->use_begindir && !conn->chosen_exit_name && !circ)
2470  if (consider_plaintext_ports(conn, socks->port) < 0)
2471  return -1;
2472 
2473  /* Remember the port so that we will predict that more requests
2474  there will happen in the future. */
2475  if (!conn->use_begindir) {
2476  /* help predict this next time */
2477  rep_hist_note_used_port(now, socks->port);
2478  }
2479  } else if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
2480  rep_hist_note_used_resolve(now); /* help predict this next time */
2481  /* no extra processing needed */
2482  } else {
2483  /* We should only be doing CONNECT, RESOLVE, or RESOLVE_PTR! */
2485  }
2486 
2487  /* Okay. At this point we've set chosen_exit_name if needed, rewritten the
2488  * address, and decided not to reject it for any number of reasons. Now
2489  * mark the connection as waiting for a circuit, and try to attach it!
2490  */
2491  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
2492 
2493  /* If we were given a circuit to attach to, try to attach. Otherwise,
2494  * try to find a good one and attach to that. */
2495  int rv;
2496  if (circ) {
2497  rv = connection_ap_handshake_attach_chosen_circuit(conn, circ, cpath);
2498  } else {
2499  /* We'll try to attach it at the next event loop, or whenever
2500  * we call connection_ap_attach_pending() */
2501  connection_ap_mark_as_pending_circuit(conn);
2502  rv = 0;
2503  }
2504 
2505  /* If the above function returned 0 then we're waiting for a circuit.
2506  * if it returned 1, we're attached. Both are okay. But if it returned
2507  * -1, there was an error, so make sure the connection is marked, and
2508  * return -1. */
2509  if (rv < 0) {
2510  if (!base_conn->marked_for_close)
2511  connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
2512  return -1;
2513  }
2514 
2515  return 0;
2516  } else {
2517  /* If we get here, it's a request for a .onion address! */
2518  tor_assert(addresstype == ONION_V2_HOSTNAME ||
2519  addresstype == ONION_V3_HOSTNAME);
2520  tor_assert(!automap);
2521  return connection_ap_handle_onion(conn, socks, circ, addresstype);
2522  }
2523 
2524  return 0; /* unreached but keeps the compiler happy */
2525 }
2526 
2527 #ifdef TRANS_PF
2528 static int pf_socket = -1;
2529 int
2530 get_pf_socket(void)
2531 {
2532  int pf;
2533  /* This should be opened before dropping privileges. */
2534  if (pf_socket >= 0)
2535  return pf_socket;
2536 
2537 #if defined(OpenBSD)
2538  /* only works on OpenBSD */
2539  pf = tor_open_cloexec("/dev/pf", O_RDONLY, 0);
2540 #else
2541  /* works on NetBSD and FreeBSD */
2542  pf = tor_open_cloexec("/dev/pf", O_RDWR, 0);
2543 #endif /* defined(OpenBSD) */
2544 
2545  if (pf < 0) {
2546  log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
2547  return -1;
2548  }
2549 
2550  pf_socket = pf;
2551  return pf_socket;
2552 }
2553 #endif /* defined(TRANS_PF) */
2554 
2555 #if defined(TRANS_NETFILTER) || defined(TRANS_PF) || \
2556  defined(TRANS_TPROXY)
2557 /** Try fill in the address of <b>req</b> from the socket configured
2558  * with <b>conn</b>. */
2559 static int
2560 destination_from_socket(entry_connection_t *conn, socks_request_t *req)
2561 {
2562  struct sockaddr_storage orig_dst;
2563  socklen_t orig_dst_len = sizeof(orig_dst);
2564  tor_addr_t addr;
2565 
2566 #ifdef TRANS_TPROXY
2567  if (get_options()->TransProxyType_parsed == TPT_TPROXY) {
2568  if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
2569  &orig_dst_len) < 0) {
2570  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2571  log_warn(LD_NET, "getsockname() failed: %s", tor_socket_strerror(e));
2572  return -1;
2573  }
2574  goto done;
2575  }
2576 #endif /* defined(TRANS_TPROXY) */
2577 
2578 #ifdef TRANS_NETFILTER
2579  int rv = -1;
2580  switch (ENTRY_TO_CONN(conn)->socket_family) {
2581 #ifdef TRANS_NETFILTER_IPV4
2582  case AF_INET:
2583  rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
2584  (struct sockaddr*)&orig_dst, &orig_dst_len);
2585  break;
2586 #endif /* defined(TRANS_NETFILTER_IPV4) */
2587 #ifdef TRANS_NETFILTER_IPV6
2588  case AF_INET6:
2589  rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IPV6, IP6T_SO_ORIGINAL_DST,
2590  (struct sockaddr*)&orig_dst, &orig_dst_len);
2591  break;
2592 #endif /* defined(TRANS_NETFILTER_IPV6) */
2593  default:
2594  log_warn(LD_BUG,
2595  "Received transparent data from an unsuported socket family %d",
2596  ENTRY_TO_CONN(conn)->socket_family);
2597  return -1;
2598  }
2599  if (rv < 0) {
2600  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2601  log_warn(LD_NET, "getsockopt() failed: %s", tor_socket_strerror(e));
2602  return -1;
2603  }
2604  goto done;
2605 #elif defined(TRANS_PF)
2606  if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
2607  &orig_dst_len) < 0) {
2608  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2609  log_warn(LD_NET, "getsockname() failed: %s", tor_socket_strerror(e));
2610  return -1;
2611  }
2612  goto done;
2613 #else
2614  (void)conn;
2615  (void)req;
2616  log_warn(LD_BUG, "Unable to determine destination from socket.");
2617  return -1;
2618 #endif /* defined(TRANS_NETFILTER) || ... */
2619 
2620  done:
2621  tor_addr_from_sockaddr(&addr, (struct sockaddr*)&orig_dst, &req->port);
2622  tor_addr_to_str(req->address, &addr, sizeof(req->address), 1);
2623 
2624  return 0;
2625 }
2626 #endif /* defined(TRANS_NETFILTER) || defined(TRANS_PF) || ... */
2627 
2628 #ifdef TRANS_PF
2629 static int
2630 destination_from_pf(entry_connection_t *conn, socks_request_t *req)
2631 {
2632  struct sockaddr_storage proxy_addr;
2633  socklen_t proxy_addr_len = sizeof(proxy_addr);
2634  struct sockaddr *proxy_sa = (struct sockaddr*) &proxy_addr;
2635  struct pfioc_natlook pnl;
2636  tor_addr_t addr;
2637  int pf = -1;
2638 
2639  if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&proxy_addr,
2640  &proxy_addr_len) < 0) {
2641  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2642  log_warn(LD_NET, "getsockname() to determine transocks destination "
2643  "failed: %s", tor_socket_strerror(e));
2644  return -1;
2645  }
2646 
2647 #ifdef __FreeBSD__
2648  if (get_options()->TransProxyType_parsed == TPT_IPFW) {
2649  /* ipfw(8) is used and in this case getsockname returned the original
2650  destination */
2651  if (tor_addr_from_sockaddr(&addr, proxy_sa, &req->port) < 0) {
2653  return -1;
2654  }
2655 
2656  tor_addr_to_str(req->address, &addr, sizeof(req->address), 0);
2657 
2658  return 0;
2659  }
2660 #endif /* defined(__FreeBSD__) */
2661 
2662  memset(&pnl, 0, sizeof(pnl));
2663  pnl.proto = IPPROTO_TCP;
2664  pnl.direction = PF_OUT;
2665  if (proxy_sa->sa_family == AF_INET) {
2666  struct sockaddr_in *sin = (struct sockaddr_in *)proxy_sa;
2667  pnl.af = AF_INET;
2668  pnl.saddr.v4.s_addr = tor_addr_to_ipv4n(&ENTRY_TO_CONN(conn)->addr);
2669  pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
2670  pnl.daddr.v4.s_addr = sin->sin_addr.s_addr;
2671  pnl.dport = sin->sin_port;
2672  } else if (proxy_sa->sa_family == AF_INET6) {
2673  struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)proxy_sa;
2674  pnl.af = AF_INET6;
2675  const struct in6_addr *dest_in6 =
2676  tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr);
2677  if (BUG(!dest_in6))
2678  return -1;
2679  memcpy(&pnl.saddr.v6, dest_in6, sizeof(struct in6_addr));
2680  pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
2681  memcpy(&pnl.daddr.v6, &sin6->sin6_addr, sizeof(struct in6_addr));
2682  pnl.dport = sin6->sin6_port;
2683  } else {
2684  log_warn(LD_NET, "getsockname() gave an unexpected address family (%d)",
2685  (int)proxy_sa->sa_family);
2686  return -1;
2687  }
2688 
2689  pf = get_pf_socket();
2690  if (pf<0)
2691  return -1;
2692 
2693  if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) {
2694  log_warn(LD_NET, "ioctl(DIOCNATLOOK) failed: %s", strerror(errno));
2695  return -1;
2696  }
2697 
2698  if (pnl.af == AF_INET) {
2699  tor_addr_from_ipv4n(&addr, pnl.rdaddr.v4.s_addr);
2700  } else if (pnl.af == AF_INET6) {
2701  tor_addr_from_in6(&addr, &pnl.rdaddr.v6);
2702  } else {
2704  return -1;
2705  }
2706 
2707  tor_addr_to_str(req->address, &addr, sizeof(req->address), 1);
2708  req->port = ntohs(pnl.rdport);
2709 
2710  return 0;
2711 }
2712 #endif /* defined(TRANS_PF) */
2713 
2714 /** Fetch the original destination address and port from a
2715  * system-specific interface and put them into a
2716  * socks_request_t as if they came from a socks request.
2717  *
2718  * Return -1 if an error prevents fetching the destination,
2719  * else return 0.
2720  */
2721 static int
2723  socks_request_t *req)
2724 {
2725 #ifdef TRANS_NETFILTER
2726  return destination_from_socket(conn, req);
2727 #elif defined(TRANS_PF)
2728  const or_options_t *options = get_options();
2729 
2730  if (options->TransProxyType_parsed == TPT_PF_DIVERT)
2731  return destination_from_socket(conn, req);
2732 
2733  if (options->TransProxyType_parsed == TPT_DEFAULT ||
2734  options->TransProxyType_parsed == TPT_IPFW)
2735  return destination_from_pf(conn, req);
2736 
2737  (void)conn;
2738  (void)req;
2739  log_warn(LD_BUG, "Proxy destination determination mechanism %s unknown.",
2740  options->TransProxyType);
2741  return -1;
2742 #else
2743  (void)conn;
2744  (void)req;
2745  log_warn(LD_BUG, "Called connection_ap_get_original_destination, but no "
2746  "transparent proxy method was configured.");
2747  return -1;
2748 #endif /* defined(TRANS_NETFILTER) || ... */
2749 }
2750 
2751 /** connection_edge_process_inbuf() found a conn in state
2752  * socks_wait. See if conn->inbuf has the right bytes to proceed with
2753  * the socks handshake.
2754  *
2755  * If the handshake is complete, send it to
2756  * connection_ap_handshake_rewrite_and_attach().
2757  *
2758  * Return -1 if an unexpected error with conn occurs (and mark it for close),
2759  * else return 0.
2760  */
2761 static int
2763 {
2764  socks_request_t *socks;
2765  int sockshere;
2766  const or_options_t *options = get_options();
2767  int had_reply = 0;
2768  connection_t *base_conn = ENTRY_TO_CONN(conn);
2769 
2770  tor_assert(conn);
2771  tor_assert(base_conn->type == CONN_TYPE_AP);
2772  tor_assert(base_conn->state == AP_CONN_STATE_SOCKS_WAIT);
2773  tor_assert(conn->socks_request);
2774  socks = conn->socks_request;
2775 
2776  log_debug(LD_APP,"entered.");
2777 
2778  sockshere = fetch_from_buf_socks(base_conn->inbuf, socks,
2779  options->TestSocks, options->SafeSocks);
2780 
2781  if (socks->replylen) {
2782  had_reply = 1;
2783  connection_buf_add((const char*)socks->reply, socks->replylen,
2784  base_conn);
2785  socks->replylen = 0;
2786  if (sockshere == -1) {
2787  /* An invalid request just got a reply, no additional
2788  * one is necessary. */
2789  socks->has_finished = 1;
2790  }
2791  }
2792 
2793  if (sockshere == 0) {
2794  log_debug(LD_APP,"socks handshake not all here yet.");
2795  return 0;
2796  } else if (sockshere == -1) {
2797  if (!had_reply) {
2798  log_warn(LD_APP,"Fetching socks handshake failed. Closing.");
2801  }
2802  connection_mark_unattached_ap(conn,
2805  return -1;
2806  } /* else socks handshake is done, continue processing */
2807 
2808  if (SOCKS_COMMAND_IS_CONNECT(socks->command))
2809  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
2810  else
2811  control_event_stream_status(conn, STREAM_EVENT_NEW_RESOLVE, 0);
2812 
2813  return connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
2814 }
2815 
2816 /** connection_init_accepted_conn() found a new trans AP conn.
2817  * Get the original destination and send it to
2818  * connection_ap_handshake_rewrite_and_attach().
2819  *
2820  * Return -1 if an unexpected error with conn (and it should be marked
2821  * for close), else return 0.
2822  */
2823 int
2825 {
2826  socks_request_t *socks;
2827 
2828  tor_assert(conn);
2829  tor_assert(conn->socks_request);
2830  socks = conn->socks_request;
2831 
2832  /* pretend that a socks handshake completed so we don't try to
2833  * send a socks reply down a transparent conn */
2834  socks->command = SOCKS_COMMAND_CONNECT;
2835  socks->has_finished = 1;
2836 
2837  log_debug(LD_APP,"entered.");
2838 
2839  if (connection_ap_get_original_destination(conn, socks) < 0) {
2840  log_warn(LD_APP,"Fetching original destination failed. Closing.");
2841  connection_mark_unattached_ap(conn,
2843  return -1;
2844  }
2845  /* we have the original destination */
2846 
2847  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
2848 
2849  return connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
2850 }
2851 
2852 /** connection_edge_process_inbuf() found a conn in state natd_wait. See if
2853  * conn->inbuf has the right bytes to proceed. See FreeBSD's libalias(3) and
2854  * ProxyEncodeTcpStream() in src/lib/libalias/alias_proxy.c for the encoding
2855  * form of the original destination.
2856  *
2857  * If the original destination is complete, send it to
2858  * connection_ap_handshake_rewrite_and_attach().
2859  *
2860  * Return -1 if an unexpected error with conn (and it should be marked
2861  * for close), else return 0.
2862  */
2863 static int
2865 {
2866  char tmp_buf[36], *tbuf, *daddr;
2867  size_t tlen = 30;
2868  int err, port_ok;
2869  socks_request_t *socks;
2870 
2871  tor_assert(conn);
2873  tor_assert(conn->socks_request);
2874  socks = conn->socks_request;
2875 
2876  log_debug(LD_APP,"entered.");
2877 
2878  /* look for LF-terminated "[DEST ip_addr port]"
2879  * where ip_addr is a dotted-quad and port is in string form */
2880  err = connection_buf_get_line(ENTRY_TO_CONN(conn), tmp_buf, &tlen);
2881  if (err == 0)
2882  return 0;
2883  if (err < 0) {
2884  log_warn(LD_APP,"NATD handshake failed (DEST too long). Closing");
2885  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2886  return -1;
2887  }
2888 
2889  if (strcmpstart(tmp_buf, "[DEST ")) {
2890  log_warn(LD_APP,"NATD handshake was ill-formed; closing. The client "
2891  "said: %s",
2892  escaped(tmp_buf));
2893  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2894  return -1;
2895  }
2896 
2897  daddr = tbuf = &tmp_buf[0] + 6; /* after end of "[DEST " */
2898  if (!(tbuf = strchr(tbuf, ' '))) {
2899  log_warn(LD_APP,"NATD handshake was ill-formed; closing. The client "
2900  "said: %s",
2901  escaped(tmp_buf));
2902  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2903  return -1;
2904  }
2905  *tbuf++ = '\0';
2906 
2907  /* pretend that a socks handshake completed so we don't try to
2908  * send a socks reply down a natd conn */
2909  strlcpy(socks->address, daddr, sizeof(socks->address));
2910  socks->port = (uint16_t)
2911  tor_parse_long(tbuf, 10, 1, 65535, &port_ok, &daddr);
2912  if (!port_ok) {
2913  log_warn(LD_APP,"NATD handshake failed; port %s is ill-formed or out "
2914  "of range.", escaped(tbuf));
2915  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2916  return -1;
2917  }
2918 
2919  socks->command = SOCKS_COMMAND_CONNECT;
2920  socks->has_finished = 1;
2921 
2922  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
2923 
2925 
2926  return connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
2927 }
2928 
2929 static const char HTTP_CONNECT_IS_NOT_AN_HTTP_PROXY_MSG[] =
2930  "HTTP/1.0 405 Method Not Allowed\r\n"
2931  "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
2932  "<html>\n"
2933  "<head>\n"
2934  "<title>This is an HTTP CONNECT tunnel, not a full HTTP Proxy</title>\n"
2935  "</head>\n"
2936  "<body>\n"
2937  "<h1>This is an HTTP CONNECT tunnel, not an HTTP proxy.</h1>\n"
2938  "<p>\n"
2939  "It appears you have configured your web browser to use this Tor port as\n"
2940  "an HTTP proxy.\n"
2941  "</p><p>\n"
2942  "This is not correct: This port is configured as a CONNECT tunnel, not\n"
2943  "an HTTP proxy. Please configure your client accordingly. You can also\n"
2944  "use HTTPS; then the client should automatically use HTTP CONNECT."
2945  "</p>\n"
2946  "<p>\n"
2947  "See <a href=\"https://www.torproject.org/documentation.html\">"
2948  "https://www.torproject.org/documentation.html</a> for more "
2949  "information.\n"
2950  "</p>\n"
2951  "</body>\n"
2952  "</html>\n";
2953 
2954 /** Called on an HTTP CONNECT entry connection when some bytes have arrived,
2955  * but we have not yet received a full HTTP CONNECT request. Try to parse an
2956  * HTTP CONNECT request from the connection's inbuf. On success, set up the
2957  * connection's socks_request field and try to attach the connection. On
2958  * failure, send an HTTP reply, and mark the connection.
2959  */
2960 STATIC int
2962 {
2963  if (BUG(ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_HTTP_CONNECT_WAIT))
2964  return -1;
2965 
2966  char *headers = NULL, *body = NULL;
2967  char *command = NULL, *addrport = NULL;
2968  char *addr = NULL;
2969  size_t bodylen = 0;
2970 
2971  const char *errmsg = NULL;
2972  int rv = 0;
2973 
2974  const int http_status =
2975  fetch_from_buf_http(ENTRY_TO_CONN(conn)->inbuf, &headers, 8192,
2976  &body, &bodylen, 1024, 0);
2977  if (http_status < 0) {
2978  /* Bad http status */
2979  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
2980  goto err;
2981  } else if (http_status == 0) {
2982  /* no HTTP request yet. */
2983  goto done;
2984  }
2985 
2986  const int cmd_status = parse_http_command(headers, &command, &addrport);
2987  if (cmd_status < 0) {
2988  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
2989  goto err;
2990  }
2992  tor_assert(addrport);
2993  if (strcasecmp(command, "connect")) {
2994  errmsg = HTTP_CONNECT_IS_NOT_AN_HTTP_PROXY_MSG;
2995  goto err;
2996  }
2997 
2998  tor_assert(conn->socks_request);
2999  socks_request_t *socks = conn->socks_request;
3000  uint16_t port;
3001  if (tor_addr_port_split(LOG_WARN, addrport, &addr, &port) < 0) {
3002  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
3003  goto err;
3004  }
3005  if (strlen(addr) >= MAX_SOCKS_ADDR_LEN) {
3006  errmsg = "HTTP/1.0 414 Request-URI Too Long\r\n\r\n";
3007  goto err;
3008  }
3009 
3010  /* Abuse the 'username' and 'password' fields here. They are already an
3011  * abuse. */
3012  {
3013  char *authorization = http_get_header(headers, "Proxy-Authorization: ");
3014  if (authorization) {
3015  socks->username = authorization; // steal reference
3016  socks->usernamelen = strlen(authorization);
3017  }
3018  char *isolation = http_get_header(headers, "X-Tor-Stream-Isolation: ");
3019  if (isolation) {
3020  socks->password = isolation; // steal reference
3021  socks->passwordlen = strlen(isolation);
3022  }
3023  }
3024 
3025  socks->command = SOCKS_COMMAND_CONNECT;
3027  strlcpy(socks->address, addr, sizeof(socks->address));
3028  socks->port = port;
3029 
3030  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
3031 
3032  rv = connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
3033 
3034  // XXXX send a "100 Continue" message?
3035 
3036  goto done;
3037 
3038  err:
3039  if (BUG(errmsg == NULL))
3040  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
3041  log_info(LD_EDGE, "HTTP tunnel error: saying %s", escaped(errmsg));
3042  connection_buf_add(errmsg, strlen(errmsg), ENTRY_TO_CONN(conn));
3043  /* Mark it as "has_finished" so that we don't try to send an extra socks
3044  * reply. */
3045  conn->socks_request->has_finished = 1;
3046  connection_mark_unattached_ap(conn,
3049 
3050  done:
3051  tor_free(headers);
3052  tor_free(body);
3053  tor_free(command);
3054  tor_free(addrport);
3055  tor_free(addr);
3056  return rv;
3057 }
3058 
3059 /** Iterate over the two bytes of stream_id until we get one that is not
3060  * already in use; return it. Return 0 if can't get a unique stream_id.
3061  */
3062 streamid_t
3064 {
3065  edge_connection_t *tmpconn;
3066  streamid_t test_stream_id;
3067  uint32_t attempts=0;
3068 
3069  again:
3070  test_stream_id = circ->next_stream_id++;
3071  if (++attempts > 1<<16) {
3072  /* Make sure we don't loop forever if all stream_id's are used. */
3073  log_warn(LD_APP,"No unused stream IDs. Failing.");
3074  return 0;
3075  }
3076  if (test_stream_id == 0)
3077  goto again;
3078  for (tmpconn = circ->p_streams; tmpconn; tmpconn=tmpconn->next_stream)
3079  if (tmpconn->stream_id == test_stream_id)
3080  goto again;
3081 
3083  test_stream_id))
3084  goto again;
3085 
3086  return test_stream_id;
3087 }
3088 
3089 /** Return true iff <b>conn</b> is linked to a circuit and configured to use
3090  * an exit that supports optimistic data. */
3091 static int
3093 {
3094  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
3095  /* We can only send optimistic data if we're connected to an open
3096  general circuit. */
3097  if (edge_conn->on_circuit == NULL ||
3098  edge_conn->on_circuit->state != CIRCUIT_STATE_OPEN ||
3099  (edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
3103  return 0;
3104 
3105  return conn->may_use_optimistic_data;
3106 }
3107 
3108 /** Return a bitmask of BEGIN_FLAG_* flags that we should transmit in the
3109  * RELAY_BEGIN cell for <b>ap_conn</b>. */
3110 static uint32_t
3112 {
3113  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
3114  const node_t *exitnode = NULL;
3115  const crypt_path_t *cpath_layer = edge_conn->cpath_layer;
3116  uint32_t flags = 0;
3117 
3118  /* No flags for begindir */
3119  if (ap_conn->use_begindir)
3120  return 0;
3121 
3122  /* No flags for hidden services. */
3123  if (edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_GENERAL)
3124  return 0;
3125 
3126  /* If only IPv4 is supported, no flags */
3127  if (ap_conn->entry_cfg.ipv4_traffic && !ap_conn->entry_cfg.ipv6_traffic)
3128  return 0;
3129 
3130  if (! cpath_layer ||
3131  ! cpath_layer->extend_info)
3132  return 0;
3133 
3134  if (!ap_conn->entry_cfg.ipv4_traffic)
3135  flags |= BEGIN_FLAG_IPV4_NOT_OK;
3136 
3137  exitnode = node_get_by_id(cpath_layer->extend_info->identity_digest);
3138 
3139  if (ap_conn->entry_cfg.ipv6_traffic && exitnode) {
3140  tor_addr_t a;
3141  tor_addr_make_null(&a, AF_INET6);
3143  exitnode)
3144  != ADDR_POLICY_REJECTED) {
3145  /* Only say "IPv6 OK" if the exit node supports IPv6. Otherwise there's
3146  * no point. */
3147  flags |= BEGIN_FLAG_IPV6_OK;
3148  }
3149  }
3150 
3151  if (flags == BEGIN_FLAG_IPV6_OK) {
3152  /* When IPv4 and IPv6 are both allowed, consider whether to say we
3153  * prefer IPv6. Otherwise there's no point in declaring a preference */
3154  if (ap_conn->entry_cfg.prefer_ipv6)
3155  flags |= BEGIN_FLAG_IPV6_PREFERRED;
3156  }
3157 
3158  if (flags == BEGIN_FLAG_IPV4_NOT_OK) {
3159  log_warn(LD_EDGE, "I'm about to ask a node for a connection that I "
3160  "am telling it to fulfil with neither IPv4 nor IPv6. That's "
3161  "not going to work. Did you perhaps ask for an IPv6 address "
3162  "on an IPv4Only port, or vice versa?");
3163  }
3164 
3165  return flags;
3166 }
3167 
3168 /** Write a relay begin cell, using destaddr and destport from ap_conn's
3169  * socks_request field, and send it down circ.
3170  *
3171  * If ap_conn is broken, mark it for close and return -1. Else return 0.
3172  */
3173 MOCK_IMPL(int,
3175 {
3176  char payload[CELL_PAYLOAD_SIZE];
3177  int payload_len;
3178  int begin_type;
3179  const or_options_t *options = get_options();
3180  origin_circuit_t *circ;
3181  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
3182  connection_t *base_conn = TO_CONN(edge_conn);
3183  tor_assert(edge_conn->on_circuit);
3184  circ = TO_ORIGIN_CIRCUIT(edge_conn->on_circuit);
3185 
3186  tor_assert(base_conn->type == CONN_TYPE_AP);
3188  tor_assert(ap_conn->socks_request);
3189  tor_assert(SOCKS_COMMAND_IS_CONNECT(ap_conn->socks_request->command));
3190 
3191  edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
3192  if (edge_conn->stream_id==0) {
3193  /* XXXX+ Instead of closing this stream, we should make it get
3194  * retried on another circuit. */
3195  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3196 
3197  /* Mark this circuit "unusable for new streams". */
3199  return -1;
3200  }
3201 
3202  /* Set up begin cell flags. */
3203  edge_conn->begincell_flags = connection_ap_get_begincell_flags(ap_conn);
3204 
3205  tor_snprintf(payload,RELAY_PAYLOAD_SIZE, "%s:%d",
3206  (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL) ?
3207  ap_conn->socks_request->address : "",
3208  ap_conn->socks_request->port);
3209  payload_len = (int)strlen(payload)+1;
3210  if (payload_len <= RELAY_PAYLOAD_SIZE - 4 && edge_conn->begincell_flags) {
3211  set_uint32(payload + payload_len, htonl(edge_conn->begincell_flags));
3212  payload_len += 4;
3213  }
3214 
3215  log_info(LD_APP,
3216  "Sending relay cell %d on circ %u to begin stream %d.",
3217  (int)ap_conn->use_begindir,
3218  (unsigned)circ->base_.n_circ_id,
3219  edge_conn->stream_id);
3220 
3221  begin_type = ap_conn->use_begindir ?
3222  RELAY_COMMAND_BEGIN_DIR : RELAY_COMMAND_BEGIN;
3223 
3224  /* Check that circuits are anonymised, based on their type. */
3225  if (begin_type == RELAY_COMMAND_BEGIN) {
3226  /* This connection is a standard OR connection.
3227  * Make sure its path length is anonymous, or that we're in a
3228  * non-anonymous mode. */
3229  assert_circ_anonymity_ok(circ, options);
3230  } else if (begin_type == RELAY_COMMAND_BEGIN_DIR) {
3231  /* This connection is a begindir directory connection.
3232  * Look at the linked directory connection to access the directory purpose.
3233  * If a BEGINDIR connection is ever not linked, that's a bug. */
3234  if (BUG(!base_conn->linked)) {
3235  return -1;
3236  }
3237  connection_t *linked_dir_conn_base = base_conn->linked_conn;
3238  /* If the linked connection has been unlinked by other code, we can't send
3239  * a begin cell on it. */
3240  if (!linked_dir_conn_base) {
3241  return -1;
3242  }
3243  /* Sensitive directory connections must have an anonymous path length.
3244  * Otherwise, directory connections are typically one-hop.
3245  * This matches the earlier check for directory connection path anonymity
3246  * in directory_initiate_request(). */
3247  if (purpose_needs_anonymity(linked_dir_conn_base->purpose,
3248  TO_DIR_CONN(linked_dir_conn_base)->router_purpose,
3249  TO_DIR_CONN(linked_dir_conn_base)->requested_resource)) {
3250  assert_circ_anonymity_ok(circ, options);
3251  }
3252  } else {
3253  /* This code was written for the two connection types BEGIN and BEGIN_DIR
3254  */
3255  tor_assert_unreached();
3256  }
3257 
3258  if (connection_edge_send_command(edge_conn, begin_type,
3259  begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
3260  begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0) < 0)
3261  return -1; /* circuit is closed, don't continue */
3262 
3263  edge_conn->package_window = STREAMWINDOW_START;
3264  edge_conn->deliver_window = STREAMWINDOW_START;
3265  base_conn->state = AP_CONN_STATE_CONNECT_WAIT;
3266  log_info(LD_APP,"Address/port sent, ap socket "TOR_SOCKET_T_FORMAT
3267  ", n_circ_id %u",
3268  base_conn->s, (unsigned)circ->base_.n_circ_id);
3269  control_event_stream_status(ap_conn, STREAM_EVENT_SENT_CONNECT, 0);
3270 
3271  /* If there's queued-up data, send it now */
3272  if ((connection_get_inbuf_len(base_conn) ||
3273  ap_conn->sending_optimistic_data) &&
3275  log_info(LD_APP, "Sending up to %ld + %ld bytes of queued-up data",
3276  (long)connection_get_inbuf_len(base_conn),
3277  ap_conn->sending_optimistic_data ?
3278  (long)buf_datalen(ap_conn->sending_optimistic_data) : 0);
3279  if (connection_edge_package_raw_inbuf(edge_conn, 1, NULL) < 0) {
3280  connection_mark_for_close(base_conn);
3281  }
3282  }
3283 
3284  return 0;
3285 }
3286 
3287 /** Write a relay resolve cell, using destaddr and destport from ap_conn's
3288  * socks_request field, and send it down circ.
3289  *
3290  * If ap_conn is broken, mark it for close and return -1. Else return 0.
3291  */
3292 int
3294 {
3295  int payload_len, command;
3296  const char *string_addr;
3297  char inaddr_buf[REVERSE_LOOKUP_NAME_BUF_LEN];
3298  origin_circuit_t *circ;
3299  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
3300  connection_t *base_conn = TO_CONN(edge_conn);
3301  tor_assert(edge_conn->on_circuit);
3302  circ = TO_ORIGIN_CIRCUIT(edge_conn->on_circuit);
3303 
3304  tor_assert(base_conn->type == CONN_TYPE_AP);
3306  tor_assert(ap_conn->socks_request);
3308 
3309  command = ap_conn->socks_request->command;
3310  tor_assert(SOCKS_COMMAND_IS_RESOLVE(command));
3311 
3312  edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
3313  if (edge_conn->stream_id==0) {
3314  /* XXXX+ Instead of closing this stream, we should make it get
3315  * retried on another circuit. */
3316  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3317 
3318  /* Mark this circuit "unusable for new streams". */
3320  return -1;
3321  }
3322 
3323  if (command == SOCKS_COMMAND_RESOLVE) {
3324  string_addr = ap_conn->socks_request->address;
3325  payload_len = (int)strlen(string_addr)+1;
3326  } else {
3327  /* command == SOCKS_COMMAND_RESOLVE_PTR */
3328  const char *a = ap_conn->socks_request->address;
3329  tor_addr_t addr;
3330  int r;
3331 
3332  /* We're doing a reverse lookup. The input could be an IP address, or
3333  * could be an .in-addr.arpa or .ip6.arpa address */
3334  r = tor_addr_parse_PTR_name(&addr, a, AF_UNSPEC, 1);
3335  if (r <= 0) {
3336  log_warn(LD_APP, "Rejecting ill-formed reverse lookup of %s",
3337  safe_str_client(a));
3338  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3339  return -1;
3340  }
3341 
3342  r = tor_addr_to_PTR_name(inaddr_buf, sizeof(inaddr_buf), &addr);
3343  if (r < 0) {
3344  log_warn(LD_BUG, "Couldn't generate reverse lookup hostname of %s",
3345  safe_str_client(a));
3346  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3347  return -1;
3348  }
3349 
3350  string_addr = inaddr_buf;
3351  payload_len = (int)strlen(inaddr_buf)+1;
3352  tor_assert(payload_len <= (int)sizeof(inaddr_buf));
3353  }
3354 
3355  log_debug(LD_APP,
3356  "Sending relay cell to begin stream %d.", edge_conn->stream_id);
3357 
3358  if (connection_edge_send_command(edge_conn,
3359  RELAY_COMMAND_RESOLVE,
3360  string_addr, payload_len) < 0)
3361  return -1; /* circuit is closed, don't continue */
3362 
3363  if (!base_conn->address) {
3364  /* This might be unnecessary. XXXX */
3365  base_conn->address = tor_addr_to_str_dup(&base_conn->addr);
3366  }
3367  base_conn->state = AP_CONN_STATE_RESOLVE_WAIT;
3368  log_info(LD_APP,"Address sent for resolve, ap socket "TOR_SOCKET_T_FORMAT
3369  ", n_circ_id %u",
3370  base_conn->s, (unsigned)circ->base_.n_circ_id);
3371  control_event_stream_status(ap_conn, STREAM_EVENT_SENT_RESOLVE, 0);
3372  return 0;
3373 }
3374 
3375 /** Make an AP connection_t linked to the connection_t <b>partner</b>. make a
3376  * new linked connection pair, and attach one side to the conn, connection_add
3377  * it, initialize it to circuit_wait, and call
3378  * connection_ap_handshake_attach_circuit(conn) on it.
3379  *
3380  * Return the newly created end of the linked connection pair, or -1 if error.
3381  */
3384  char *address, uint16_t port,
3385  const char *digest,
3386  int session_group, int isolation_flags,
3387  int use_begindir, int want_onehop)
3388 {
3389  entry_connection_t *conn;
3390  connection_t *base_conn;
3391 
3392  log_info(LD_APP,"Making internal %s tunnel to %s:%d ...",
3393  want_onehop ? "direct" : "anonymized",
3394  safe_str_client(address), port);
3395 
3397  base_conn = ENTRY_TO_CONN(conn);
3398  base_conn->linked = 1; /* so that we can add it safely below. */
3399 
3400  /* populate conn->socks_request */
3401 
3402  /* leave version at zero, so the socks_reply is empty */
3403  conn->socks_request->socks_version = 0;
3404  conn->socks_request->has_finished = 0; /* waiting for 'connected' */
3405  strlcpy(conn->socks_request->address, address,
3406  sizeof(conn->socks_request->address));
3407  conn->socks_request->port = port;
3409  conn->want_onehop = want_onehop;
3410  conn->use_begindir = use_begindir;
3411  if (use_begindir) {
3412  conn->chosen_exit_name = tor_malloc(HEX_DIGEST_LEN+2);
3413  conn->chosen_exit_name[0] = '$';
3414  tor_assert(digest);
3416  digest, DIGEST_LEN);
3417  }
3418 
3419  /* Populate isolation fields. */
3421  conn->original_dest_address = tor_strdup(address);
3422  conn->entry_cfg.session_group = session_group;
3423  conn->entry_cfg.isolation_flags = isolation_flags;
3424 
3425  base_conn->address = tor_strdup("(Tor_internal)");
3426  tor_addr_make_unspec(&base_conn->addr);
3427  base_conn->port = 0;
3428 
3429  connection_link_connections(partner, base_conn);
3430 
3431  if (connection_add(base_conn) < 0) { /* no space, forget it */
3432  connection_free(base_conn);
3433  return NULL;
3434  }
3435 
3436  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
3437 
3438  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
3439 
3440  /* attaching to a dirty circuit is fine */
3441  connection_ap_mark_as_pending_circuit(conn);
3442  log_info(LD_APP,"... application connection created and linked.");
3443  return conn;
3444 }
3445 
3446 /** Notify any interested controller connections about a new hostname resolve
3447  * or resolve error. Takes the same arguments as does
3448  * connection_ap_handshake_socks_resolved(). */
3449 static void
3451  int answer_type,
3452  size_t answer_len,
3453  const char *answer,
3454  int ttl,
3455  time_t expires)
3456 {
3457  expires = time(NULL) + ttl;
3458  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) {
3459  char *cp = tor_dup_ip(ntohl(get_uint32(answer)));
3461  cp, expires, NULL, 0);
3462  tor_free(cp);
3463  } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3464  char *cp = tor_strndup(answer, answer_len);
3466  cp, expires, NULL, 0);
3467  tor_free(cp);
3468  } else {
3470  "<error>", time(NULL)+ttl,
3471  "error=yes", 0);
3472  }
3473 }
3474 
3475 /**
3476  * As connection_ap_handshake_socks_resolved, but take a tor_addr_t to send
3477  * as the answer.
3478  */
3479 void
3481  const tor_addr_t *answer,
3482  int ttl,
3483  time_t expires)
3484 {
3485  if (tor_addr_family(answer) == AF_INET) {
3486  uint32_t a = tor_addr_to_ipv4n(answer); /* network order */
3487  connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4,
3488  (uint8_t*)&a,
3489  ttl, expires);
3490  } else if (tor_addr_family(answer) == AF_INET6) {
3491  const uint8_t *a = tor_addr_to_in6_addr8(answer);
3492  connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV6,16,
3493  a,
3494  ttl, expires);
3495  } else {
3496  log_warn(LD_BUG, "Got called with address of unexpected family %d",
3497  tor_addr_family(answer));
3499  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
3500  }
3501 }
3502 
3503 /** Send an answer to an AP connection that has requested a DNS lookup via
3504  * SOCKS. The type should be one of RESOLVED_TYPE_(IPV4|IPV6|HOSTNAME) or -1
3505  * for unreachable; the answer should be in the format specified in the socks
3506  * extensions document. <b>ttl</b> is the ttl for the answer, or -1 on
3507  * certain errors or for values that didn't come via DNS. <b>expires</b> is
3508  * a time when the answer expires, or -1 or TIME_MAX if there's a good TTL.
3509  **/
3510 /* XXXX the use of the ttl and expires fields is nutty. Let's make this
3511  * interface and those that use it less ugly. */
3512 MOCK_IMPL(void,
3514  int answer_type,
3515  size_t answer_len,
3516  const uint8_t *answer,
3517  int ttl,
3518  time_t expires))
3519 {
3520  char buf[384];
3521  size_t replylen;
3522 
3523  if (ttl >= 0) {
3524  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3525  tor_addr_t a;
3526  tor_addr_from_ipv4n(&a, get_uint32(answer));
3527  if (! tor_addr_is_null(&a)) {
3529  conn->socks_request->address, &a,
3530  conn->chosen_exit_name, ttl);
3531  }
3532  } else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
3533  tor_addr_t a;
3534  tor_addr_from_ipv6_bytes(&a, (char*)answer);
3535  if (! tor_addr_is_null(&a)) {
3537  conn->socks_request->address, &a,
3538  conn->chosen_exit_name, ttl);
3539  }
3540  } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3541  char *cp = tor_strndup((char*)answer, answer_len);
3543  conn->socks_request->address,
3544  cp,
3545  conn->chosen_exit_name, ttl);
3546  tor_free(cp);
3547  }
3548  }
3549 
3550  if (ENTRY_TO_EDGE_CONN(conn)->is_dns_request) {
3551  if (conn->dns_server_request) {
3552  /* We had a request on our DNS port: answer it. */
3553  dnsserv_resolved(conn, answer_type, answer_len, (char*)answer, ttl);
3554  conn->socks_request->has_finished = 1;
3555  return;
3556  } else {
3557  /* This must be a request from the controller. Since answers to those
3558  * requests are not cached, they do not generate an ADDRMAP event on
3559  * their own. */
3560  tell_controller_about_resolved_result(conn, answer_type, answer_len,
3561  (char*)answer, ttl, expires);
3562  conn->socks_request->has_finished = 1;
3563  return;
3564  }
3565  /* We shouldn't need to free conn here; it gets marked by the caller. */
3566  }
3567 
3568  if (conn->socks_request->socks_version == 4) {
3569  buf[0] = 0x00; /* version */
3570  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3571  buf[1] = SOCKS4_GRANTED;
3572  set_uint16(buf+2, 0);
3573  memcpy(buf+4, answer, 4); /* address */
3574  replylen = SOCKS4_NETWORK_LEN;
3575  } else { /* "error" */
3576  buf[1] = SOCKS4_REJECT;
3577  memset(buf+2, 0, 6);
3578  replylen = SOCKS4_NETWORK_LEN;
3579  }
3580  } else if (conn->socks_request->socks_version == 5) {
3581  /* SOCKS5 */
3582  buf[0] = 0x05; /* version */
3583  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3584  buf[1] = SOCKS5_SUCCEEDED;
3585  buf[2] = 0; /* reserved */
3586  buf[3] = 0x01; /* IPv4 address type */
3587  memcpy(buf+4, answer, 4); /* address */
3588  set_uint16(buf+8, 0); /* port == 0. */
3589  replylen = 10;
3590  } else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
3591  buf[1] = SOCKS5_SUCCEEDED;
3592  buf[2] = 0; /* reserved */
3593  buf[3] = 0x04; /* IPv6 address type */
3594  memcpy(buf+4, answer, 16); /* address */
3595  set_uint16(buf+20, 0); /* port == 0. */
3596  replylen = 22;
3597  } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3598  buf[1] = SOCKS5_SUCCEEDED;
3599  buf[2] = 0; /* reserved */
3600  buf[3] = 0x03; /* Domainname address type */
3601  buf[4] = (char)answer_len;
3602  memcpy(buf+5, answer, answer_len); /* address */
3603  set_uint16(buf+5+answer_len, 0); /* port == 0. */
3604  replylen = 5+answer_len+2;
3605  } else {
3606  buf[1] = SOCKS5_HOST_UNREACHABLE;
3607  memset(buf+2, 0, 8);
3608  replylen = 10;
3609  }
3610  } else {
3611  /* no socks version info; don't send anything back */
3612  return;
3613  }
3614  connection_ap_handshake_socks_reply(conn, buf, replylen,
3615  (answer_type == RESOLVED_TYPE_IPV4 ||
3616  answer_type == RESOLVED_TYPE_IPV6 ||
3617  answer_type == RESOLVED_TYPE_HOSTNAME) ?
3618  0 : END_STREAM_REASON_RESOLVEFAILED);
3619 }
3620 
3621 /** Send a socks reply to stream <b>conn</b>, using the appropriate
3622  * socks version, etc, and mark <b>conn</b> as completed with SOCKS
3623  * handshaking.
3624  *
3625  * If <b>reply</b> is defined, then write <b>replylen</b> bytes of it to conn
3626  * and return, else reply based on <b>endreason</b> (one of
3627  * END_STREAM_REASON_*). If <b>reply</b> is undefined, <b>endreason</b> can't
3628  * be 0 or REASON_DONE. Send endreason to the controller, if appropriate.
3629  */
3630 void
3632  size_t replylen, int endreason)
3633 {
3634  char buf[256];
3635  socks5_reply_status_t status;
3636 
3637  tor_assert(conn->socks_request); /* make sure it's an AP stream */
3638 
3641  status = conn->socks_request->socks_extended_error_code;
3642  } else {
3643  status = stream_end_reason_to_socks5_response(endreason);
3644  }
3645 
3646  if (!SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
3647  control_event_stream_status(conn, status==SOCKS5_SUCCEEDED ?
3648  STREAM_EVENT_SUCCEEDED : STREAM_EVENT_FAILED,
3649  endreason);
3650  }
3651 
3652  /* Flag this stream's circuit as having completed a stream successfully
3653  * (for path bias) */
3654  if (status == SOCKS5_SUCCEEDED ||
3655  endreason == END_STREAM_REASON_RESOLVEFAILED ||
3656  endreason == END_STREAM_REASON_CONNECTREFUSED ||
3657  endreason == END_STREAM_REASON_CONNRESET ||
3658  endreason == END_STREAM_REASON_NOROUTE ||
3659  endreason == END_STREAM_REASON_RESOURCELIMIT) {
3660  if (!conn->edge_.on_circuit ||
3661  !CIRCUIT_IS_ORIGIN(conn->edge_.on_circuit)) {
3662  if (endreason != END_STREAM_REASON_RESOLVEFAILED) {
3663  log_info(LD_BUG,
3664  "No origin circuit for successful SOCKS stream %"PRIu64
3665  ". Reason: %d",
3666  (ENTRY_TO_CONN(conn)->global_identifier),
3667  endreason);
3668  }
3669  /*
3670  * Else DNS remaps and failed hidden service lookups can send us
3671  * here with END_STREAM_REASON_RESOLVEFAILED; ignore it
3672  *
3673  * Perhaps we could make the test more precise; we can tell hidden
3674  * services by conn->edge_.renddata != NULL; anything analogous for
3675  * the DNS remap case?
3676  */
3677  } else {
3678  // XXX: Hrmm. It looks like optimistic data can't go through this
3679  // codepath, but someone should probably test it and make sure.
3680  // We don't want to mark optimistically opened streams as successful.
3682  }
3683  }
3684 
3685  if (conn->socks_request->has_finished) {
3686  log_warn(LD_BUG, "(Harmless.) duplicate calls to "
3687  "connection_ap_handshake_socks_reply.");
3688  return;
3689  }
3690  if (replylen) { /* we already have a reply in mind */
3691  connection_buf_add(reply, replylen, ENTRY_TO_CONN(conn));
3692  conn->socks_request->has_finished = 1;
3693  return;
3694  }
3695  if (conn->socks_request->listener_type ==
3697  const char *response = end_reason_to_http_connect_response_line(endreason);
3698  if (!response) {
3699  response = "HTTP/1.0 400 Bad Request\r\n\r\n";
3700  }
3701  connection_buf_add(response, strlen(response), ENTRY_TO_CONN(conn));
3702  } else if (conn->socks_request->socks_version == 4) {
3703  memset(buf,0,SOCKS4_NETWORK_LEN);
3704  buf[1] = (status==SOCKS5_SUCCEEDED ? SOCKS4_GRANTED : SOCKS4_REJECT);
3705  /* leave version, destport, destip zero */
3706  connection_buf_add(buf, SOCKS4_NETWORK_LEN, ENTRY_TO_CONN(conn));
3707  } else if (conn->socks_request->socks_version == 5) {
3708  size_t buf_len;
3709  memset(buf,0,sizeof(buf));
3710  if (tor_addr_family(&conn->edge_.base_.addr) == AF_INET) {
3711  buf[0] = 5; /* version 5 */
3712  buf[1] = (char)status;
3713  buf[2] = 0;
3714  buf[3] = 1; /* ipv4 addr */
3715  /* 4 bytes for the header, 2 bytes for the port, 4 for the address. */
3716  buf_len = 10;
3717  } else { /* AF_INET6. */
3718  buf[0] = 5; /* version 5 */
3719  buf[1] = (char)status;
3720  buf[2] = 0;
3721  buf[3] = 4; /* ipv6 addr */
3722  /* 4 bytes for the header, 2 bytes for the port, 16 for the address. */
3723  buf_len = 22;
3724  }
3725  connection_buf_add(buf,buf_len,ENTRY_TO_CONN(conn));
3726  }
3727  /* If socks_version isn't 4 or 5, don't send anything.
3728  * This can happen in the case of AP bridges. */
3729  conn->socks_request->has_finished = 1;
3730  return;
3731 }
3732 
3733 /** Read a RELAY_BEGIN or RELAY_BEGIN_DIR cell from <b>cell</b>, decode it, and
3734  * place the result in <b>bcell</b>. On success return 0; on failure return
3735  * <0 and set *<b>end_reason_out</b> to the end reason we should send back to
3736  * the client.
3737  *
3738  * Return -1 in the case where we want to send a RELAY_END cell, and < -1 when
3739  * we don't.
3740  **/
3741 STATIC int
3742 begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
3743  uint8_t *end_reason_out)
3744 {
3745  relay_header_t rh;
3746  const uint8_t *body, *nul;
3747 
3748  memset(bcell, 0, sizeof(*bcell));
3749  *end_reason_out = END_STREAM_REASON_MISC;
3750 
3751  relay_header_unpack(&rh, cell->payload);
3752  if (rh.length > RELAY_PAYLOAD_SIZE) {
3753  return -2; /*XXXX why not TORPROTOCOL? */
3754  }
3755 
3756  bcell->stream_id = rh.stream_id;
3757 
3758  if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
3759  bcell->is_begindir = 1;
3760  return 0;
3761  } else if (rh.command != RELAY_COMMAND_BEGIN) {
3762  log_warn(LD_BUG, "Got an unexpected command %d", (int)rh.command);
3763  *end_reason_out = END_STREAM_REASON_INTERNAL;
3764  return -1;
3765  }
3766 
3767  body = cell->payload + RELAY_HEADER_SIZE;
3768  nul = memchr(body, 0, rh.length);
3769  if (! nul) {
3770  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3771  "Relay begin cell has no \\0. Closing.");
3772  *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3773  return -1;
3774  }
3775 
3776  if (tor_addr_port_split(LOG_PROTOCOL_WARN,
3777  (char*)(body),
3778  &bcell->address,&bcell->port)<0) {
3779  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3780  "Unable to parse addr:port in relay begin cell. Closing.");
3781  *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3782  return -1;
3783  }
3784  if (bcell->port == 0) {
3785  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3786  "Missing port in relay begin cell. Closing.");
3787  tor_free(bcell->address);
3788  *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3789  return -1;
3790  }
3791  if (body + rh.length >= nul + 4)
3792  bcell->flags = ntohl(get_uint32(nul+1));
3793 
3794  return 0;
3795 }
3796 
3797 /** For the given <b>circ</b> and the edge connection <b>conn</b>, setup the
3798  * connection, attach it to the circ and connect it. Return 0 on success
3799  * or END_CIRC_AT_ORIGIN if we can't find the requested hidden service port
3800  * where the caller should close the circuit. */
3801 static int
3803 {
3804  int ret;
3805  origin_circuit_t *origin_circ;
3806 
3807  assert_circuit_ok(circ);
3809  tor_assert(conn);
3810 
3811  log_debug(LD_REND, "Connecting the hidden service rendezvous circuit "
3812  "to the service destination.");
3813 
3814  origin_circ = TO_ORIGIN_CIRCUIT(circ);
3815  conn->base_.address = tor_strdup("(rendezvous)");
3816  conn->base_.state = EXIT_CONN_STATE_CONNECTING;
3817 
3818  /* The circuit either has an hs identifier for v3+ or a rend_data for legacy
3819  * service. */
3820  if (origin_circ->rend_data) {
3821  conn->rend_data = rend_data_dup(origin_circ->rend_data);
3823  ret = rend_service_set_connection_addr_port(conn, origin_circ);
3824  } else if (origin_circ->hs_ident) {
3825  /* Setup the identifier to be the one for the circuit service. */
3826  conn->hs_ident =
3829  ret = hs_service_set_conn_addr_port(origin_circ, conn);
3830  } else {
3831  /* We should never get here if the circuit's purpose is rendezvous. */
3832  tor_assert_nonfatal_unreached();
3833  return -1;
3834  }
3835  if (ret < 0) {
3836  log_info(LD_REND, "Didn't find rendezvous service (addr%s, port %d)",
3837  fmt_addr(&TO_CONN(conn)->addr), TO_CONN(conn)->port);
3838  /* Send back reason DONE because we want to make hidden service port
3839  * scanning harder thus instead of returning that the exit policy
3840  * didn't match, which makes it obvious that the port is closed,
3841  * return DONE and kill the circuit. That way, a user (malicious or
3842  * not) needs one circuit per bad port unless it matches the policy of
3843  * the hidden service. */
3845  END_STREAM_REASON_DONE,
3846  origin_circ->cpath->prev);
3847  connection_free_(TO_CONN(conn));
3848 
3849  /* Drop the circuit here since it might be someone deliberately
3850  * scanning the hidden service ports. Note that this mitigates port
3851  * scanning by adding more work on the attacker side to successfully
3852  * scan but does not fully solve it. */
3853  if (ret < -1) {
3854  return END_CIRC_AT_ORIGIN;
3855  } else {
3856  return 0;
3857  }
3858  }
3859 
3860  /* Link the circuit and the connection crypt path. */
3861  conn->cpath_layer = origin_circ->cpath->prev;
3862 
3863  /* If this is the first stream on this circuit, tell circpad */
3864  if (!origin_circ->p_streams)
3866 
3867  /* Add it into the linked list of p_streams on this circuit */
3868  conn->next_stream = origin_circ->p_streams;
3869  origin_circ->p_streams = conn;
3870  conn->on_circuit = circ;
3871  assert_circuit_ok(circ);
3872 
3873  hs_inc_rdv_stream_counter(origin_circ);
3874 
3875  /* If it's an onion service connection, we might want to include the proxy
3876  * protocol header: */
3877  if (conn->hs_ident) {
3878  hs_circuit_id_protocol_t circuit_id_protocol =
3879  hs_service_exports_circuit_id(&conn->hs_ident->identity_pk);
3880  export_hs_client_circuit_id(conn, circuit_id_protocol);
3881  }
3882 
3883  /* Connect tor to the hidden service destination. */
3885 
3886  /* For path bias: This circuit was used successfully */
3887  pathbias_mark_use_success(origin_circ);
3888  return 0;
3889 }
3890 
3891 /** A relay 'begin' or 'begin_dir' cell has arrived, and either we are
3892  * an exit hop for the circuit, or we are the origin and it is a
3893  * rendezvous begin.
3894  *
3895  * Launch a new exit connection and initialize things appropriately.
3896  *
3897  * If it's a rendezvous stream, call connection_exit_connect() on
3898  * it.
3899  *
3900  * For general streams, call dns_resolve() on it first, and only call
3901  * connection_exit_connect() if the dns answer is already known.
3902  *
3903  * Note that we don't call connection_add() on the new stream! We wait
3904  * for connection_exit_connect() to do that.
3905  *
3906  * Return -(some circuit end reason) if we want to tear down <b>circ</b>.
3907  * Else return 0.
3908  */
3909 int
3911 {
3912  edge_connection_t *n_stream;
3913  relay_header_t rh;
3914  char *address = NULL;
3915  uint16_t port = 0;
3916  or_circuit_t *or_circ = NULL;
3917  origin_circuit_t *origin_circ = NULL;
3918  crypt_path_t *layer_hint = NULL;
3919  const or_options_t *options = get_options();
3920  begin_cell_t bcell;
3921  int rv;
3922  uint8_t end_reason=0;
3923 
3924  assert_circuit_ok(circ);
3925  if (!CIRCUIT_IS_ORIGIN(circ)) {
3926  or_circ = TO_OR_CIRCUIT(circ);
3927  } else {
3929  origin_circ = TO_ORIGIN_CIRCUIT(circ);
3930  layer_hint = origin_circ->cpath->prev;
3931  }
3932 
3933  relay_header_unpack(&rh, cell->payload);
3934  if (rh.length > RELAY_PAYLOAD_SIZE)
3935  return -END_CIRC_REASON_TORPROTOCOL;
3936 
3937  if (!server_mode(options) &&
3939  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3940  "Relay begin cell at non-server. Closing.");
3942  END_STREAM_REASON_EXITPOLICY, NULL);
3943  return 0;
3944  }
3945 
3946  rv = begin_cell_parse(cell, &bcell, &end_reason);
3947  if (rv < -1) {
3948  return -END_CIRC_REASON_TORPROTOCOL;
3949  } else if (rv == -1) {
3950  tor_free(bcell.address);
3951  relay_send_end_cell_from_edge(rh.stream_id, circ, end_reason, layer_hint);
3952  return 0;
3953  }
3954 
3955  if (! bcell.is_begindir) {
3956  /* Steal reference */
3957  tor_assert(bcell.address);
3958  address = bcell.address;
3959  port = bcell.port;
3960 
3961  if (or_circ && or_circ->p_chan) {
3962  const int client_chan = channel_is_client(or_circ->p_chan);
3963  if ((client_chan ||
3965  or_circ->p_chan->identity_digest) &&
3966  should_refuse_unknown_exits(options)))) {
3967  /* Don't let clients use us as a single-hop proxy. It attracts
3968  * attackers and users who'd be better off with, well, single-hop
3969  * proxies. */
3970  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3971  "Attempt by %s to open a stream %s. Closing.",
3972  safe_str(channel_get_canonical_remote_descr(or_circ->p_chan)),
3973  client_chan ? "on first hop of circuit" :
3974  "from unknown relay");
3976  client_chan ?
3977  END_STREAM_REASON_TORPROTOCOL :
3978  END_STREAM_REASON_MISC,
3979  NULL);
3980  tor_free(address);
3981  return 0;
3982  }
3983  }
3984  } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
3985  if (!directory_permits_begindir_requests(options) ||
3986  circ->purpose != CIRCUIT_PURPOSE_OR) {
3988  END_STREAM_REASON_NOTDIRECTORY, layer_hint);
3989  return 0;
3990  }
3991  /* Make sure to get the 'real' address of the previous hop: the
3992  * caller might want to know whether the remote IP address has changed,
3993  * and we might already have corrected base_.addr[ess] for the relay's
3994  * canonical IP address. */
3995  if (or_circ && or_circ->p_chan)
3996  address = tor_strdup(channel_get_actual_remote_address(or_circ->p_chan));
3997  else
3998  address = tor_strdup("127.0.0.1");
3999  port = 1; /* XXXX This value is never actually used anywhere, and there
4000  * isn't "really" a connection here. But we
4001  * need to set it to something nonzero. */
4002  } else {
4003  log_warn(LD_BUG, "Got an unexpected command %d", (int)rh.command);
4005  END_STREAM_REASON_INTERNAL, layer_hint);
4006  return 0;
4007  }
4008 
4009  if (! options->IPv6Exit) {
4010  /* I don't care if you prefer IPv6; I can't give you any. */
4011  bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED;
4012  /* If you don't want IPv4, I can't help. */
4013  if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) {
4014  tor_free(address);
4016  END_STREAM_REASON_EXITPOLICY, layer_hint);
4017  return 0;
4018  }
4019  }
4020 
4021  log_debug(LD_EXIT,"Creating new exit connection.");
4022  /* The 'AF_INET' here is temporary; we might need to change it later in
4023  * connection_exit_connect(). */
4024  n_stream = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
4025 
4026  /* Remember the tunneled request ID in the new edge connection, so that
4027  * we can measure download times. */
4028  n_stream->dirreq_id = circ->dirreq_id;
4029 
4030  n_stream->base_.purpose = EXIT_PURPOSE_CONNECT;
4031  n_stream->begincell_flags = bcell.flags;
4032  n_stream->stream_id = rh.stream_id;
4033  n_stream->base_.port = port;
4034  /* leave n_stream->s at -1, because it's not yet valid */
4035  n_stream->package_window = STREAMWINDOW_START;
4036  n_stream->deliver_window = STREAMWINDOW_START;
4037 
4038  if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
4039  int ret;
4040  tor_free(address);
4041  /* We handle this circuit and stream in this function for all supported
4042  * hidden service version. */
4043  ret = handle_hs_exit_conn(circ, n_stream);
4044 
4045  if (ret == 0) {
4046  /* This was a valid cell. Count it as delivered + overhead. */
4047  circuit_read_valid_data(origin_circ, rh.length);
4048  }
4049  return ret;
4050  }
4051  tor_strlower(address);
4052  n_stream->base_.address = address;
4053  n_stream->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
4054  /* default to failed, change in dns_resolve if it turns out not to fail */
4055 
4056  /* If we're hibernating or shutting down, we refuse to open new streams. */
4057  if (we_are_hibernating()) {
4059  END_STREAM_REASON_HIBERNATING, NULL);
4060  connection_free_(TO_CONN(n_stream));
4061  return 0;
4062  }
4063 
4064  n_stream->on_circuit = circ;
4065 
4066  if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
4067  tor_addr_t tmp_addr;
4068  tor_assert(or_circ);
4069  if (or_circ->p_chan &&
4070  channel_get_addr_if_possible(or_circ->p_chan, &tmp_addr)) {
4071  tor_addr_copy(&n_stream->base_.addr, &tmp_addr);
4072  }
4073  return connection_exit_connect_dir(n_stream);
4074  }
4075 
4076  log_debug(LD_EXIT,"about to start the dns_resolve().");
4077 
4078  /* send it off to the gethostbyname farm */
4079  switch (dns_resolve(n_stream)) {
4080  case 1: /* resolve worked; now n_stream is attached to circ. */
4081  assert_circuit_ok(circ);
4082  log_debug(LD_EXIT,"about to call connection_exit_connect().");
4083  connection_exit_connect(n_stream);
4084  return 0;
4085  case -1: /* resolve failed */
4087  END_STREAM_REASON_RESOLVEFAILED, NULL);
4088  /* n_stream got freed. don't touch it. */
4089  break;
4090  case 0: /* resolve added to pending list */
4091  assert_circuit_ok(circ);
4092  break;
4093  }
4094  return 0;
4095 }
4096 
4097 /**
4098  * Called when we receive a RELAY_COMMAND_RESOLVE cell 'cell' along the
4099  * circuit <b>circ</b>;
4100  * begin resolving the hostname, and (eventually) reply with a RESOLVED cell.
4101  */
4102 int
4104 {
4105  edge_connection_t *dummy_conn;
4106  relay_header_t rh;
4107 
4109  relay_header_unpack(&rh, cell->payload);
4110  if (rh.length > RELAY_PAYLOAD_SIZE)
4111  return -1;
4112 
4113  /* This 'dummy_conn' only exists to remember the stream ID
4114  * associated with the resolve request; and to make the
4115  * implementation of dns.c more uniform. (We really only need to
4116  * remember the circuit, the stream ID, and the hostname to be
4117  * resolved; but if we didn't store them in a connection like this,
4118  * the housekeeping in dns.c would get way more complicated.)
4119  */
4120  dummy_conn = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
4121  dummy_conn->stream_id = rh.stream_id;
4122  dummy_conn->base_.address = tor_strndup(
4123  (char*)cell->payload+RELAY_HEADER_SIZE,
4124  rh.length);
4125  dummy_conn->base_.port = 0;
4126  dummy_conn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
4127  dummy_conn->base_.purpose = EXIT_PURPOSE_RESOLVE;
4128 
4129  dummy_conn->on_circuit = TO_CIRCUIT(circ);
4130 
4131  /* send it off to the gethostbyname farm */
4132  switch (dns_resolve(dummy_conn)) {
4133  case -1: /* Impossible to resolve; a resolved cell was sent. */
4134  /* Connection freed; don't touch it. */
4135  return 0;
4136  case 1: /* The result was cached; a resolved cell was sent. */
4137  if (!dummy_conn->base_.marked_for_close)
4138  connection_free_(TO_CONN(dummy_conn));
4139  return 0;
4140  case 0: /* resolve added to pending list */
4142  break;
4143  }
4144  return 0;
4145 }
4146 
4147 /** Helper: Return true and set *<b>why_rejected</b> to an optional clarifying
4148  * message message iff we do not allow connections to <b>addr</b>:<b>port</b>.
4149  */
4150 static int
4152  uint16_t port,
4153  const char **why_rejected)
4154 {
4155  if (router_compare_to_my_exit_policy(addr, port)) {
4156  *why_rejected = "";
4157  return 1;
4158  } else if (tor_addr_family(addr) == AF_INET6 && !get_options()->IPv6Exit) {
4159  *why_rejected = " (IPv6 address without IPv6Exit configured)";
4160  return 1;
4161  }
4162  return 0;
4163 }
4164 
4165 /** Connect to conn's specified addr and port. If it worked, conn
4166  * has now been added to the connection_array.
4167  *
4168  * Send back a connected cell. Include the resolved IP of the destination
4169  * address, but <em>only</em> if it's a general exit stream. (Rendezvous
4170  * streams must not reveal what IP they connected to.)
4171  */
4172 void
4174 {
4175  const tor_addr_t *addr;
4176  uint16_t port;
4177  connection_t *conn = TO_CONN(edge_conn);
4178  int socket_error = 0, result;
4179  const char *why_failed_exit_policy = NULL;
4180 
4181  /* Apply exit policy to non-rendezvous connections. */
4182  if (! connection_edge_is_rendezvous_stream(edge_conn) &&
4183  my_exit_policy_rejects(&edge_conn->base_.addr,
4184  edge_conn->base_.port,
4185  &why_failed_exit_policy)) {
4186  if (BUG(!why_failed_exit_policy))
4187  why_failed_exit_policy = "";
4188  log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.",
4189  escaped_safe_str_client(conn->address), conn->port,
4190  why_failed_exit_policy);
4191  connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY);
4192  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4193  connection_free(conn);
4194  return;
4195  }
4196 
4197 #ifdef HAVE_SYS_UN_H
4198  if (conn->socket_family != AF_UNIX) {
4199 #else
4200  {
4201 #endif /* defined(HAVE_SYS_UN_H) */
4202  addr = &conn->addr;
4203  port = conn->port;
4204 
4205  if (tor_addr_family(addr) == AF_INET6)
4206  conn->socket_family = AF_INET6;
4207 
4208  log_debug(LD_EXIT, "about to try connecting");
4209  result = connection_connect(conn, conn->address,
4210  addr, port, &socket_error);
4211 #ifdef HAVE_SYS_UN_H
4212  } else {
4213  /*
4214  * In the AF_UNIX case, we expect to have already had conn->port = 1,
4215  * tor_addr_make_unspec(conn->addr) (cf. the way we mark in the incoming
4216  * case in connection_handle_listener_read()), and conn->address should
4217  * have the socket path to connect to.
4218  */
4219  tor_assert(conn->address && strlen(conn->address) > 0);
4220 
4221  log_debug(LD_EXIT, "about to try connecting");
4222  result = connection_connect_unix(conn, conn->address, &socket_error);
4223 #endif /* defined(HAVE_SYS_UN_H) */
4224  }
4225 
4226  switch (result) {
4227  case -1: {
4228  int reason = errno_to_stream_end_reason(socket_error);
4229  connection_edge_end(edge_conn, reason);
4230  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4231  connection_free(conn);
4232  return;
4233  }
4234  case 0:
4236 
4238  /* writable indicates finish;
4239  * readable/error indicates broken link in windows-land. */
4240  return;
4241  /* case 1: fall through */
4242  }
4243 
4244  conn->state = EXIT_CONN_STATE_OPEN;
4245  if (connection_get_outbuf_len(conn)) {
4246  /* in case there are any queued data cells, from e.g. optimistic data */
4248  } else {
4250  }
4251 
4252  /* also, deliver a 'connected' cell back through the circuit. */
4253  if (connection_edge_is_rendezvous_stream(edge_conn)) {
4254  /* don't send an address back! */
4255  connection_edge_send_command(edge_conn,
4256  RELAY_COMMAND_CONNECTED,
4257  NULL, 0);
4258  } else { /* normal stream */
4259  uint8_t connected_payload[MAX_CONNECTED_CELL_PAYLOAD_LEN];
4260  int connected_payload_len =
4261  connected_cell_format_payload(connected_payload, &conn->addr,
4262  edge_conn->address_ttl);
4263  if (connected_payload_len < 0) {
4264  connection_edge_end(edge_conn, END_STREAM_REASON_INTERNAL);
4265  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4266  connection_free(conn);
4267  return;
4268  }
4269 
4270  connection_edge_send_command(edge_conn,
4271  RELAY_COMMAND_CONNECTED,
4272  (char*)connected_payload,
4273  connected_payload_len);
4274  }
4275 }
4276 
4277 /** Given an exit conn that should attach to us as a directory server, open a
4278  * bridge connection with a linked connection pair, create a new directory
4279  * conn, and join them together. Return 0 on success (or if there was an
4280  * error we could send back an end cell for). Return -(some circuit end
4281  * reason) if the circuit needs to be torn down. Either connects
4282  * <b>exitconn</b>, frees it, or marks it, as appropriate.
4283  */
4284 static int
4286 {
4287  dir_connection_t *dirconn = NULL;
4288  or_circuit_t *circ = TO_OR_CIRCUIT(exitconn->on_circuit);
4289 
4290  log_info(LD_EXIT, "Opening local connection for anonymized directory exit");
4291 
4292  exitconn->base_.state = EXIT_CONN_STATE_OPEN;
4293 
4294  dirconn = dir_connection_new(tor_addr_family(&exitconn->base_.addr));
4295 
4296  tor_addr_copy(&dirconn->base_.addr, &exitconn->base_.addr);
4297  dirconn->base_.port = 0;
4298  dirconn->base_.address = tor_strdup(exitconn->base_.address);
4299  dirconn->base_.type = CONN_TYPE_DIR;
4300  dirconn->base_.purpose = DIR_PURPOSE_SERVER;
4301  dirconn->base_.state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
4302 
4303  /* Note that the new dir conn belongs to the same tunneled request as
4304  * the edge conn, so that we can measure download times. */
4305  dirconn->dirreq_id = exitconn->dirreq_id;
4306 
4307  connection_link_connections(TO_CONN(dirconn), TO_CONN(exitconn));
4308 
4309  if (connection_add(TO_CONN(exitconn))<0) {
4310  connection_edge_end(exitconn, END_STREAM_REASON_RESOURCELIMIT);
4311  connection_free_(TO_CONN(exitconn));
4312  connection_free_(TO_CONN(dirconn));
4313  return 0;
4314  }
4315 
4316  /* link exitconn to circ, now that we know we can use it. */
4317  exitconn->next_stream = circ->n_streams;
4318  circ->n_streams = exitconn;
4319 
4320  if (connection_add(TO_CONN(dirconn))<0) {
4321  connection_edge_end(exitconn, END_STREAM_REASON_RESOURCELIMIT);
4323  connection_mark_for_close(TO_CONN(exitconn));
4324  connection_free_(TO_CONN(dirconn));
4325  return 0;
4326  }
4327 
4329  connection_start_reading(TO_CONN(exitconn));
4330 
4331  if (connection_edge_send_command(exitconn,
4332  RELAY_COMMAND_CONNECTED, NULL, 0) < 0) {
4333  connection_mark_for_close(TO_CONN(exitconn));
4334  connection_mark_for_close(TO_CONN(dirconn));
4335  return 0;
4336  }
4337 
4338  return 0;
4339 }
4340 
4341 /** Return 1 if <b>conn</b> is a rendezvous stream, or 0 if
4342  * it is a general stream.
4343  */
4344 int
4346 {
4347  tor_assert(conn);
4348  /* It should not be possible to set both of these structs */
4349  tor_assert_nonfatal(!(conn->rend_data && conn->hs_ident));
4350 
4351  if (conn->rend_data || conn->hs_ident) {
4352  return 1;
4353  }
4354  return 0;
4355 }
4356 
4357 /** Return 1 if router <b>exit_node</b> is likely to allow stream <b>conn</b>
4358  * to exit from it, or 0 if it probably will not allow it.
4359  * (We might be uncertain if conn's destination address has not yet been
4360  * resolved.)
4361  */
4362 int
4364  const node_t *exit_node)
4365 {
4366  const or_options_t *options = get_options();
4367 
4368  tor_assert(conn);
4369  tor_assert(conn->socks_request);
4370  tor_assert(exit_node);
4371 
4372  /* If a particular exit node has been requested for the new connection,
4373  * make sure the exit node of the existing circuit matches exactly.
4374  */
4375  if (conn->chosen_exit_name) {
4376  const node_t *chosen_exit =
4378  if (!chosen_exit || tor_memneq(chosen_exit->identity,
4379  exit_node->identity, DIGEST_LEN)) {
4380  /* doesn't match */
4381 // log_debug(LD_APP,"Requested node '%s', considering node '%s'. No.",
4382 // conn->chosen_exit_name, exit->nickname);
4383  return 0;
4384  }
4385  }
4386 
4387  if (conn->use_begindir) {
4388  /* Internal directory fetches do not count as exiting. */
4389  return 1;
4390  }
4391 
4393  tor_addr_t addr, *addrp = NULL;
4395  if (0 == tor_addr_parse(&addr, conn->socks_request->address)) {
4396  addrp = &addr;
4397  } else if (!conn->entry_cfg.ipv4_traffic && conn->entry_cfg.ipv6_traffic) {
4398  tor_addr_make_null(&addr, AF_INET6);
4399  addrp = &addr;
4400  } else if (conn->entry_cfg.ipv4_traffic && !conn->entry_cfg.ipv6_traffic) {
4401  tor_addr_make_null(&addr, AF_INET);
4402  addrp = &addr;
4403  }
4405  exit_node);
4406  if (r == ADDR_POLICY_REJECTED)
4407  return 0; /* We know the address, and the exit policy rejects it. */
4409  return 0; /* We don't know the addr, but the exit policy rejects most
4410  * addresses with this port. Since the user didn't ask for
4411  * this node, err on the side of caution. */
4412  } else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
4413  /* Don't send DNS requests to non-exit servers by default. */
4414  if (!conn->chosen_exit_name && node_exit_policy_rejects_all(exit_node))
4415  return 0;
4416  }
4417  if (routerset_contains_node(options->ExcludeExitNodesUnion_, exit_node)) {
4418  /* Not a suitable exit. Refuse it. */
4419  return 0;
4420  }
4421 
4422  return 1;
4423 }
4424 
4425 /** Return true iff the (possibly NULL) <b>alen</b>-byte chunk of memory at
4426  * <b>a</b> is equal to the (possibly NULL) <b>blen</b>-byte chunk of memory
4427  * at <b>b</b>. */
4428 static int
4429 memeq_opt(const char *a, size_t alen, const char *b, size_t blen)
4430 {
4431  if (a == NULL) {
4432  return (b == NULL);
4433  } else if (b == NULL) {
4434  return 0;
4435  } else if (alen != blen) {
4436  return 0;
4437  } else {
4438  return tor_memeq(a, b, alen);
4439  }
4440 }
4441 
4442 /**
4443  * Return true iff none of the isolation flags and fields in <b>conn</b>
4444  * should prevent it from being attached to <b>circ</b>.
4445  */
4446 int
4448  const origin_circuit_t *circ)
4449 {
4450  const uint8_t iso = conn->entry_cfg.isolation_flags;
4451  const socks_request_t *sr = conn->socks_request;
4452 
4453  /* If circ has never been used for an isolated connection, we can
4454  * totally use it for this one. */
4455  if (!circ->isolation_values_set)
4456  return 1;
4457 
4458  /* If circ has been used for connections having more than one value
4459  * for some field f, it will have the corresponding bit set in
4460  * isolation_flags_mixed. If isolation_flags_mixed has any bits
4461  * in common with iso, then conn must be isolated from at least
4462  * one stream that has been attached to circ. */
4463  if ((iso & circ->isolation_flags_mixed) != 0) {
4464  /* For at least one field where conn is isolated, the circuit
4465  * already has mixed streams. */
4466  return 0;
4467  }
4468 
4469  if (! conn->original_dest_address) {
4470  log_warn(LD_BUG, "Reached connection_edge_compatible_with_circuit without "
4471  "having set conn->original_dest_address");
4472  ((entry_connection_t*)conn)->original_dest_address =
4473  tor_strdup(conn->socks_request->address);
4474  }
4475 
4476  if ((iso & ISO_STREAM) &&
4478  ENTRY_TO_CONN(conn)->global_identifier))
4479  return 0;
4480 
4481  if ((iso & ISO_DESTPORT) && conn->socks_request->port != circ->dest_port)
4482  return 0;
4483  if ((iso & ISO_DESTADDR) &&
4484  strcasecmp(conn->original_dest_address, circ->dest_address))
4485  return 0;
4486  if ((iso & ISO_SOCKSAUTH) &&
4487  (! memeq_opt(sr->username, sr->usernamelen,
4488  circ->socks_username, circ->socks_username_len) ||
4489  ! memeq_opt(sr->password, sr->passwordlen,
4490  circ->socks_password, circ->socks_password_len)))
4491  return 0;
4492  if ((iso & ISO_CLIENTPROTO) &&
4493  (conn->socks_request->listener_type != circ->client_proto_type ||
4494  conn->socks_request->socks_version != circ->client_proto_socksver))
4495  return 0;
4496  if ((iso & ISO_CLIENTADDR) &&
4497  !tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
4498  return 0;
4499  if ((iso & ISO_SESSIONGRP) &&
4500  conn->entry_cfg.session_group != circ->session_group)
4501  return 0;
4502  if ((iso & ISO_NYM_EPOCH) && conn->nym_epoch != circ->nym_epoch)
4503  return 0;
4504 
4505  return 1;
4506 }
4507 
4508 /**
4509  * If <b>dry_run</b> is false, update <b>circ</b>'s isolation flags and fields
4510  * to reflect having had <b>conn</b> attached to it, and return 0. Otherwise,
4511  * if <b>dry_run</b> is true, then make no changes to <b>circ</b>, and return
4512  * a bitfield of isolation flags that we would have to set in
4513  * isolation_flags_mixed to add <b>conn</b> to <b>circ</b>, or -1 if
4514  * <b>circ</b> has had no streams attached to it.
4515  */
4516 int
4518  origin_circuit_t *circ,
4519  int dry_run)
4520 {
4521  const socks_request_t *sr = conn->socks_request;
4522  if (! conn->original_dest_address) {
4523  log_warn(LD_BUG, "Reached connection_update_circuit_isolation without "
4524  "having set conn->original_dest_address");
4525  ((entry_connection_t*)conn)->original_dest_address =
4526  tor_strdup(conn->socks_request->address);
4527  }
4528 
4529  if (!circ->isolation_values_set) {
4530  if (dry_run)
4531  return -1;
4533  ENTRY_TO_CONN(conn)->global_identifier;
4534  circ->dest_port = conn->socks_request->port;
4535  circ->dest_address = tor_strdup(conn->original_dest_address);
4536  circ->client_proto_type = conn->socks_request->listener_type;
4537  circ->client_proto_socksver = conn->socks_request->socks_version;
4538  tor_addr_copy(&circ->client_addr, &ENTRY_TO_CONN(conn)->addr);
4539  circ->session_group = conn->entry_cfg.session_group;
4540  circ->nym_epoch = conn->nym_epoch;
4541  circ->socks_username = sr->username ?
4542  tor_memdup(sr->username, sr->usernamelen) : NULL;
4543  circ->socks_password = sr->password ?
4544  tor_memdup(sr->password, sr->passwordlen) : NULL;
4545  circ->socks_username_len = sr->usernamelen;
4546  circ->socks_password_len = sr->passwordlen;
4547 
4548  circ->isolation_values_set = 1;
4549  return 0;
4550  } else {
4551  uint8_t mixed = 0;
4552  if (conn->socks_request->port != circ->dest_port)
4553  mixed |= ISO_DESTPORT;
4554  if (strcasecmp(conn->original_dest_address, circ->dest_address))
4555  mixed |= ISO_DESTADDR;
4556  if (!memeq_opt(sr->username, sr->usernamelen,
4557  circ->socks_username, circ->socks_username_len) ||
4558  !memeq_opt(sr->password, sr->passwordlen,
4559  circ->socks_password, circ->socks_password_len))
4560  mixed |= ISO_SOCKSAUTH;
4561  if ((conn->socks_request->listener_type != circ->client_proto_type ||
4562  conn->socks_request->socks_version != circ->client_proto_socksver))
4563  mixed |= ISO_CLIENTPROTO;
4564  if (!tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
4565  mixed |= ISO_CLIENTADDR;
4566  if (conn->entry_cfg.session_group != circ->session_group)
4567  mixed |= ISO_SESSIONGRP;
4568  if (conn->nym_epoch != circ->nym_epoch)
4569  mixed |= ISO_NYM_EPOCH;
4570 
4571  if (dry_run)
4572  return mixed;
4573 
4574  if ((mixed & conn->entry_cfg.isolation_flags) != 0) {
4575  log_warn(LD_BUG, "Updating a circuit with seemingly incompatible "
4576  "isolation flags.");
4577  }
4578  circ->isolation_flags_mixed |= mixed;
4579  return 0;
4580  }
4581 }
4582 
4583 /**
4584  * Clear the isolation settings on <b>circ</b>.
4585  *
4586  * This only works on an open circuit that has never had a stream attached to
4587  * it, and whose isolation settings are hypothetical. (We set hypothetical
4588  * isolation settings on circuits as we're launching them, so that we
4589  * know whether they can handle more streams or whether we need to launch
4590  * even more circuits. Once the circuit is open, if it turns out that
4591  * we no longer have any streams to attach to it, we clear the isolation flags
4592  * and data so that other streams can have a chance.)
4593  */
4594 void
4596 {
4597  if (circ->isolation_any_streams_attached) {
4598  log_warn(LD_BUG, "Tried to clear the isolation status of a dirty circuit");
4599  return;
4600  }
4601  if (TO_CIRCUIT(circ)->state != CIRCUIT_STATE_OPEN) {
4602  log_warn(LD_BUG, "Tried to clear the isolation status of a non-open "
4603  "circuit");
4604  return;
4605  }
4606 
4607  circ->isolation_values_set = 0;
4608  circ->isolation_flags_mixed = 0;
4610  circ->client_proto_type = 0;
4611  circ->client_proto_socksver = 0;
4612  circ->dest_port = 0;
4613  tor_addr_make_unspec(&circ->client_addr);
4614  tor_free(circ->dest_address);
4615  circ->session_group = -1;
4616  circ->nym_epoch = 0;
4617  if (circ->socks_username) {
4618  memwipe(circ->socks_username, 0x11, circ->socks_username_len);
4619  tor_free(circ->socks_username);
4620  }
4621  if (circ->socks_password) {
4622  memwipe(circ->socks_password, 0x05, circ->socks_password_len);
4623  tor_free(circ->socks_password);
4624  }
4625  circ->socks_username_len = circ->socks_password_len = 0;
4626 }
4627 
4628 /** Send an END and mark for close the given edge connection conn using the
4629  * given reason that has to be a stream reason.
4630  *
4631  * Note: We don't unattached the AP connection (if applicable) because we
4632  * don't want to flush the remaining data. This function aims at ending
4633  * everything quickly regardless of the connection state.
4634  *
4635  * This function can't fail and does nothing if conn is NULL. */
4636 void
4638 {
4639  if (!conn) {
4640  return;
4641  }
4642 
4643  connection_edge_end(conn, reason);
4644  connection_mark_for_close(TO_CONN(conn));
4645 }
4646 
4647 /** Free all storage held in module-scoped variables for connection_edge.c */
4648 void
4650 {
4651  untried_pending_connections = 0;
4652  smartlist_free(pending_entry_connections);
4654  mainloop_event_free(attach_pending_entry_connections_ev);
4655 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
uint8_t reply[MAX_SOCKS_REPLY_LEN]
Header file for dirserv.c.
#define AP_CONN_STATE_CONNECT_WAIT
void rep_hist_note_used_internal(time_t now, int need_uptime, int need_capacity)
#define DIR_PURPOSE_SERVER
Definition: directory.h:62
int channel_is_client(const channel_t *chan)
Definition: channel.c:2900
int channel_get_addr_if_possible(channel_t *chan, tor_addr_t *addr_out)
Definition: channel.c:2840
static mainloop_event_t * attach_pending_entry_connections_ev
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:51
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:879
smartlist_t * get_connection_array(void)
Definition: mainloop.c:452
uint32_t clip_dns_ttl(uint32_t ttl)
Header file for rendcommon.c.
#define SOCKS_COMMAND_RESOLVE
#define BEGIN_FLAG_IPV6_PREFERRED
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
STATIC half_edge_t * connection_half_edge_find_stream_id(const smartlist_t *half_conns, streamid_t stream_id)
const char * channel_get_canonical_remote_descr(channel_t *chan)
Definition: channel.c:2823
#define AP_CONN_STATE_RESOLVE_WAIT
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT
Definition: circuitlist.h:95
char identity_digest[DIGEST_LEN]
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
Header file containing common data for the whole HS subsytem.
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3811
void connection_start_writing(connection_t *conn)
Definition: mainloop.c:688
unsigned int socks_use_extended_errors
int tor_addr_to_PTR_name(char *out, size_t outlen, const tor_addr_t *addr)
Definition: address.c:470
Definition: node_st.h:34
#define ISO_STREAM
Definition: or.h:974
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
#define SOCKS_COMMAND_CONNECT
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:957
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
void connection_ap_about_to_close(entry_connection_t *entry_conn)
extend_info_t * extend_info
Definition: crypt_path_st.h:61
int tor_open_cloexec(const char *path, int flags, unsigned mode)
Definition: files.c:54
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:338
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
Header for addressmap.c.
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
const char * escaped_safe_str(const char *address)
Definition: config.c:1128
uint64_t associated_isolated_stream_global_id
void connection_dns_remove(edge_connection_t *conn)
Definition: dns.c:977
tor_addr_t addr
#define TRACKHOSTEXITS_RETRIES
addr_policy_result_t
Definition: policies.h:38
Header file containing client data for the HS subsytem.
extend_info_t * chosen_exit
#define EXIT_PURPOSE_CONNECT
#define EXIT_CONN_STATE_RESOLVING
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:204
void rep_hist_note_exit_stream_opened(uint16_t port)
Definition: rephist.c:1799
unsigned int purpose
Definition: connection_st.h:51
Header file for connection.c.
#define connection_mark_and_flush_(c, line, file)
Definition: connection.h:170
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
#define EXIT_CONN_STATE_RESOLVEFAILED
#define ISO_DESTPORT
Definition: or.h:960
int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address, int family, int accept_regular)
Definition: address.c:380
Definition: cell_st.h:17
#define LD_GENERAL
Definition: log.h:62
int should_refuse_unknown_exits(const or_options_t *options)
Definition: router.c:1327
void connection_free_(connection_t *conn)
Definition: connection.c:759
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:146
void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn, const char *fname, int lineno)
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:362
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2937
#define DOWNCAST(to, ptr)
Definition: or.h:109
streamid_t stream_id
Definition: or.h:640
#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED
Definition: or.h:279
const char * circuit_purpose_to_string(uint8_t purpose)
Definition: circuitlist.c:900
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:541
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
#define LOG_INFO
Definition: log.h:45
Header file for describe.c.
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:147
Header file for nodelist.c.
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2143
streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ)
static int connection_exit_connect_dir(edge_connection_t *exitconn)
void rend_client_note_connection_attempt_ended(const rend_data_t *rend_data)
Definition: rendclient.c:967
struct edge_connection_t * next_stream
int tor_addr_hostname_is_local(const char *name)
Definition: address.c:1990
uint8_t state
Definition: circuit_st.h:110
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
static int memeq_opt(const char *a, size_t alen, const char *b, size_t blen)
uint8_t purpose
Definition: circuit_st.h:111
unsigned int chosen_exit_optional
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:488
Header file for directory.c.
int hs_address_is_valid(const char *address)
Definition: hs_common.c:973
void smartlist_add(smartlist_t *sl, void *element)
static int connection_ap_supports_optimistic_data(const entry_connection_t *)
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:242
rend_service_authorization_t * rend_client_lookup_service_authorization(const char *onion_address)
Definition: rendclient.c:1141
Node information structure.
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2755
int addressmap_address_should_automap(const char *address, const or_options_t *options)
Definition: addressmap.c:249
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
#define AP_CONN_STATE_RENDDESC_WAIT
int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
int connection_or_digest_is_known_relay(const char *id_digest)
#define SUBTYPE_P(p, subtype, basemember)
int smartlist_contains(const smartlist_t *sl, const void *element)
#define TO_CIRCUIT(x)
Definition: or.h:951
smartlist_t * half_streams
Header file for config.c.
edge_connection_t * edge_connection_new(int type, int socket_family)
Definition: connection.c:417
#define fmt_and_decorate_addr(a)
Definition: address.h:220
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
const or_options_t * get_options(void)
Definition: config.c:925
crypt_path_t * cpath
#define tor_assert(expr)
Definition: util_bug.h:102
int control_event_stream_bandwidth(edge_connection_t *edge_conn)
#define LD_EDGE
Definition: log.h:94
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
size_t half_streams_get_total_allocation(void)
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:250
unsigned int isolation_any_streams_attached
struct circuit_t * on_circuit
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
addressmap_entry_source_t
Definition: or.h:1023
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:206
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
#define tor_free(p)
Definition: malloc.h:52
uint16_t marked_for_close
Definition: circuit_st.h:189
#define tor_fragile_assert()
Definition: util_bug.h:246
#define END_STREAM_REASON_HTTPPROTOCOL
Definition: or.h:269
unsigned int chosen_exit_retries
#define LOG_NOTICE
Definition: log.h:50
mainloop_event_t * mainloop_event_postloop_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
struct smartlist_t * WarnPlaintextPorts
#define SOCKS_COMMAND_RESOLVE_PTR
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:723
const char * conn_state_to_string(int type, int state)
Definition: connection.c:277
Header file for mainloop.c.
int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype, int safe_socks)
Definition: proto_socks.c:825
void mainloop_event_activate(mainloop_event_t *event)
#define MIN_DNS_TTL
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
struct smartlist_t * RejectPlaintextPorts
#define ISO_DESTADDR
Definition: or.h:962
#define EXIT_PURPOSE_RESOLVE
smartlist_t * smartlist_new(void)
unsigned int use_cached_ipv4_answers
STATIC void connection_half_edge_add(const edge_connection_t *conn, origin_circuit_t *circ)
void clear_trackexithost_mappings(const char *exitname)
Definition: addressmap.c:174
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:3891
int addressmap_rewrite(char *address, size_t maxlen, unsigned flags, time_t *expires_out, addressmap_entry_source_t *exit_source_out)
Definition: addressmap.c:383
int connection_ap_handshake_attach_circuit(entry_connection_t *conn)
Definition: circuituse.c:2847
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:729
struct connection_t * linked_conn
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
edge_connection_t * TO_EDGE_CONN(connection_t *c)
#define STATIC
Definition: testsupport.h:32
static void set_uint32(void *cp, uint32_t v)
Definition: bytes.h:87
rend_auth_type_t
Definition: or.h:402
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
#define ENTRY_TO_CONN(c)
Definition: or.h:738
#define MAX_CONNECTED_CELL_PAYLOAD_LEN
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
static int handle_hs_exit_conn(circuit_t *circ, edge_connection_t *conn)
Header file for dnsserv.c.
Circuit-build-stse structure.
void connection_ap_attach_pending(int retry)
#define CIRCUIT_PURPOSE_C_HSDIR_GET
Definition: circuitlist.h:92
STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell, uint8_t *end_reason_out)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
Header file for routerset.c.
int connection_edge_finished_flushing(edge_connection_t *conn)
streamid_t next_stream_id
#define STREAMWINDOW_START
Definition: or.h:508
Header file for hibernate.c.
rend_data_t * rend_data_client_create(const char *onion_address, const char *desc_id, const char *cookie, rend_auth_type_t auth_type)
Definition: hs_common.c:493
Header file for policies.c.
static uint32_t connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
#define STREAMWINDOW_INCREMENT
Definition: or.h:511
Definition: rendcache.h:29
int directory_permits_begindir_requests(const or_options_t *options)
Definition: dirserv.c:110
#define LD_APP
Definition: log.h:78
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
struct buf_t * pending_optimistic_data
#define END_STREAM_REASON_INVALID_NATD_DEST
Definition: or.h:262
unsigned int isolation_values_set
Common functions for cryptographic routines.
Header file for channel.c.
socks5_reply_status_t stream_end_reason_to_socks5_response(int reason)
Definition: reasons.c:100
#define LD_CONTROL
Definition: log.h:80
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1077
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
void circpad_machine_event_circ_has_streams(origin_circuit_t *circ)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
struct crypt_path_t * cpath_layer
#define ISO_CLIENTADDR
Definition: or.h:968
Header file for routermode.c.
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit_node)
#define REVERSE_LOOKUP_NAME_BUF_LEN
Definition: address.h:268
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
void half_edge_free_(half_edge_t *he)
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1174
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:85
#define ISO_SOCKSAUTH
Definition: or.h:964
Header file for circuitpadding.c.
int connected_pending
Definition: half_edge_st.h:35
hs_ident_edge_conn_t * hs_ident_edge_conn_new(const ed25519_public_key_t *identity_pk)
Definition: hs_ident.c:84
#define DIGEST_LEN
Definition: digest_sizes.h:20
Origin circuit structure.
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const char *ipv6_bytes)
Definition: address.c:890
static int connection_ap_handshake_process_socks(entry_connection_t *conn)
tor_socket_t s
Definition: connection_st.h:93
const char * node_describe(const node_t *node)
Definition: describe.c:143
#define END_CIRC_AT_ORIGIN
Definition: or.h:305
static int connection_ap_get_original_destination(entry_connection_t *conn, socks_request_t *req)
Master header file for Tor-specific functionality.
int purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
Definition: directory.c:98
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
void connection_close_immediate(connection_t *conn)
Definition: connection.c:842
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
struct buf_t * inbuf
Definition: connection_st.h:98
static smartlist_t * pending_entry_connections
uint16_t streamid_t
Definition: or.h:610
void connection_exit_about_to_close(edge_connection_t *edge_conn)
Header file for circuitbuild.c.
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
const char * channel_get_actual_remote_address(channel_t *chan)
Definition: channel.c:2806
#define END_STREAM_REASON_PRIVATE_ADDR
Definition: or.h:265
#define BEGIN_FLAG_IPV4_NOT_OK
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1260
#define AP_CONN_STATE_CIRCUIT_WAIT
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
char identity[DIGEST_LEN]
Definition: node_st.h:46
int hexdigest_to_digest(const char *hexdigest, char *digest)
Definition: routerlist.c:664
entry_connection_t * entry_connection_new(int type, int socket_family)
Definition: connection.c:398
Header file for rephist.c.
int sendmes_pending
Definition: half_edge_st.h:28
void smartlist_remove(smartlist_t *sl, const void *element)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int rend_valid_v2_service_id(const char *query)
Definition: rendcommon.c:719
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define LOG_WARN
Definition: log.h:53
Entry connection structure.
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:770
void pathbias_mark_use_rollback(origin_circuit_t *circ)
Definition: circpathbias.c:700
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
int connection_ap_process_transparent(entry_connection_t *conn)
int dns_resolve(edge_connection_t *exitconn)
Definition: dns.c:618
unsigned int prefer_ipv6_virtaddr
#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST
Definition: or.h:259
Header for netstatus.c.
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:292
int LeaveStreamsUnattached
Header file for circuituse.c.
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
void circuit_clear_isolation(origin_circuit_t *circ)
Extend-info structure.
socks5_reply_status_t
Definition: socks5_status.h:20
void tor_strlower(char *s)
Definition: util_string.c:127
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2186
#define AP_CONN_STATE_SOCKS_WAIT
void connection_mark_unattached_ap_(entry_connection_t *conn, int endreason, int line, const char *file)
#define LD_REND
Definition: log.h:84
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:122
const node_t * router_find_exact_exit_enclave(const char *address, uint16_t port)
Definition: nodelist.c:2201
Header file for rendservice.c.
uint16_t marked_for_close
#define ISO_CLIENTPROTO
Definition: or.h:966
int control_event_client_status(int severity, const char *format,...)
static size_t n_half_conns_allocated
int rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
Definition: rendcache.c:522
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4746
int AutomapHostsOnResolve
void * smartlist_bsearch(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member))
Definition: smartlist.c:411
rend_data_t * rend_data_dup(const rend_data_t *data)
Definition: hs_common.c:386
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
char * TransProxyType
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:283
Fixed-size cell structure.
const node_t * node_get_by_nickname(const char *nickname, unsigned flags)
Definition: nodelist.c:1013
unsigned int edge_has_sent_end
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
Definition: directory.h:27
int address_is_in_virtual_range(const char *address)
Definition: addressmap.c:855
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:73
Client/server directory connection structure.
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
unsigned int type
Definition: connection_st.h:50
int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags, time_t *expires_out)
Definition: addressmap.c:503
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
int connection_edge_flushed_some(edge_connection_t *conn)
#define ENTRY_TO_EDGE_CONN(c)
hs_circuit_id_protocol_t
Definition: hs_service.h:187
entry_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, const char *digest, int session_group, int isolation_flags, int use_begindir, int want_onehop)
Header file containing circuit data for the whole HS subsytem.
Header file for sendme.c.
char * http_get_header(const char *headers, const char *which)
Definition: directory.c:313
struct routerset_t * ExcludeExitNodes
Definition: or_options_st.h:93
Half-open connection structure.
const char * end_reason_to_http_connect_response_line(int endreason)
Definition: reasons.c:457
void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
Header file for connection_edge.c.
streamid_t stream_id
Definition: half_edge_st.h:24
#define REND_SERVICE_ID_LEN_BASE32
Definition: or.h:331
rend_data_t * rend_data
edge_connection_t * n_streams
Definition: or_circuit_st.h:39
hostname_type_t
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:165
#define REMAP_STREAM_SOURCE_CACHE
void note_user_activity(time_t now)
Definition: netstatus.c:63
int fetch_from_buf_http(buf_t *buf, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: proto_http.c:50
channel_t * p_chan
Definition: or_circuit_st.h:37
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:759
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1139
int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
Definition: router.c:1584
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
const char * rend_data_get_address(const rend_data_t *rend_data)
Definition: hs_common.c:528
time_t timestamp_last_read_allowed
uint32_t magic
Definition: connection_st.h:46
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1856
void dnsserv_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const char *answer, int ttl)
Definition: dnsserv.c:339
#define END_STREAM_REASON_SOCKSPROTOCOL
Definition: or.h:256
const char * marked_for_close_file
void connection_exit_connect(edge_connection_t *edge_conn)
void tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6)
Definition: address.c:901
#define ISO_NYM_EPOCH
Definition: or.h:972
Header file for relay.c.
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:632
uint64_t dirreq_id
Definition: circuit_st.h:204
#define CIRCUIT_PURPOSE_S_HSDIR_POST
Definition: circuitlist.h:114
Header file for router.c.
const char * escaped(const char *s)
Definition: escape.c:126
uint16_t port
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:83
static const struct in6_addr * tor_addr_to_in6(const tor_addr_t *a)
Definition: address.h:112
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
static int connection_ap_handle_onion(entry_connection_t *conn, socks_request_t *socks, origin_circuit_t *circ, hostname_type_t addresstype)
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:90
#define CIRCUIT_PURPOSE_IS_CLIENT(p)
Definition: circuitlist.h:142
Header for proto_socks.c.
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:2033
#define ISO_SESSIONGRP
Definition: or.h:970
int ClientRejectInternalAddresses
uint16_t length
Definition: or.h:642
rend_data_t * rend_data
#define fmt_addr(a)
Definition: address.h:216
static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
uint32_t circid_t
Definition: or.h:608
STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out)
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define log_fn(severity, domain, args,...)
Definition: log.h:287
void client_dns_set_reverse_addressmap(entry_connection_t *for_conn, const char *address, const char *v, const char *exitname, int ttl)
Definition: addressmap.c:762
#define END_STREAM_REASON_MASK
Definition: or.h:272
#define AP_CONN_STATE_CONTROLLER_WAIT
void rep_hist_note_used_resolve(time_t now)
#define CONN_TYPE_EXIT
Definition: connection.h:44
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
Definition: hs_cache.c:829
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3139
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
#define EXIT_CONN_STATE_OPEN
int connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
Definition: circuituse.c:2762
int data_pending
Definition: half_edge_st.h:32
#define AP_CONN_STATE_OPEN
int we_are_hibernating(void)
Definition: hibernate.c:937
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:153
static int my_exit_policy_rejects(const tor_addr_t *addr, uint16_t port, const char **why_rejected)
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
Definition: connection.c:876
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
#define tor_addr_eq(a, b)
Definition: address.h:253
edge_connection_t * p_streams
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:72
time_t approx_time(void)
Definition: approx_time.c:32
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
socks5_reply_status_t socks_extended_error_code
const char * pathbias_state_to_string(path_state_t state)
Definition: circpathbias.c:265
int node_exit_policy_rejects_all(const node_t *node)
Definition: nodelist.c:1457
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
static int relay_send_end_cell_from_edge(streamid_t stream_id, circuit_t *circ, uint8_t reason, crypt_path_t *cpath_layer)
STATIC int connected_cell_format_payload(uint8_t *payload_out, const tor_addr_t *addr, uint32_t ttl)
unsigned int may_use_optimistic_data
Header file for hs_cache.c.
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
Header for proto_http.c.
tor_cmdline_mode_t command
Definition: config.c:2444
circid_t n_circ_id
Definition: circuit_st.h:78
void rep_hist_note_used_port(time_t now, uint16_t port)
Client request structure.
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
struct routerset_t * ExcludeExitNodesUnion_
Definition: or_options_st.h:99
struct evdns_server_request * dns_server_request
unsigned int has_finished
unsigned int linked
Definition: connection_st.h:75
void node_get_address_string(const node_t *node, char *buf, size_t len)
Definition: nodelist.c:1596
static void connection_edge_about_to_close(edge_connection_t *edge_conn)
Header file for buffers.c.
int rend_client_any_intro_points_usable(const rend_cache_entry_t *entry)
Definition: rendclient.c:1122
Header file for reasons.c.
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
tor_addr_t addr
#define CONN_TYPE_DIR
Definition: connection.h:53
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1577
Header file for connection_or.c.
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3184
static void tell_controller_about_resolved_result(entry_connection_t *conn, int answer_type, size_t answer_len, const char *answer, int ttl, time_t expires)
#define MAX_DNS_TTL
void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
Definition: circuituse.c:1388
char address[MAX_SOCKS_ADDR_LEN]
#define LD_NET
Definition: log.h:66
int connection_edge_reached_eof(edge_connection_t *conn)
int CircuitStreamTimeout
void smartlist_insert(smartlist_t *sl, int idx, void *val)
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
#define tor_addr_to_in6_addr8(x)
Definition: address.h:130
void connection_watch_events(connection_t *conn, watchable_events_t events)
Definition: mainloop.c:494
unsigned int is_transparent_ap
void connection_ap_expire_beginning(void)
#define AP_CONN_STATE_IS_UNATTACHED(s)
Header for compat_libevent.c.
int server_mode(const or_options_t *options)
Definition: routermode.c:34
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:909
int connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
int rend_service_set_connection_addr_port(edge_connection_t *conn, origin_circuit_t *circ)
Definition: rendservice.c:4387
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
struct hs_ident_circuit_t * hs_ident
#define CONN_TYPE_AP
Definition: connection.h:49
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
#define AP_CONN_STATE_NATD_WAIT
uint8_t errno_to_stream_end_reason(int e)
Definition: reasons.c:177
#define BEGIN_FLAG_IPV6_OK
Header file for rendclient.c.
socks_request_t * socks_request
Header file for control_events.c.
#define LD_PROTOCOL
Definition: log.h:72
int connection_buf_get_line(connection_t *conn, char *data, size_t *data_len)
Definition: connection.c:3996
int buf_set_to_copy(buf_t **output, const buf_t *input)
Definition: buffers.c:891
int ClientDNSRejectInternalAddresses
int parse_http_command(const char *headers, char **command_out, char **url_out)
Definition: directory.c:259
void rend_client_refetch_v2_renddesc(rend_data_t *rend_query)
Definition: rendclient.c:709
const char * addressmap_register_virtual_address(int type, char *new_address)
Definition: addressmap.c:995
static int connection_half_edge_compare_bsearch(const void *key, const void **member)
#define RELAY_HEADER_SIZE
Definition: or.h:603
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
uint8_t command
Definition: or.h:638
static int compute_retry_timeout(entry_connection_t *conn)
void connection_ap_rescan_and_attach_pending(void)
int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, uint16_t *port_out)
Definition: address.c:165
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:375
uint8_t state
Definition: connection_st.h:49
static int connection_ap_process_natd(entry_connection_t *conn)
int control_event_address_mapped(const char *from, const char *to, time_t expires, const char *error, const int cached)
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Header file for networkstatus.c.
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
Definition: hs_client.c:2010
#define LD_BUG
Definition: log.h:86
Header file for dns.c.
Header file for predict_ports.c.
#define EXIT_CONN_STATE_CONNECTING
char identity_digest[DIGEST_LEN]
Definition: channel.h:383
enum or_options_t::@2 TransProxyType_parsed
STATIC int connection_ap_process_http_connect(entry_connection_t *conn)
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
Header file for routerlist.c.
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1116
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
void connection_edge_free_all(void)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
void dnsserv_reject_request(entry_connection_t *conn)
Definition: dnsserv.c:289
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:182
#define SOCKS4_NETWORK_LEN
Definition: or.h:563
int connection_edge_end_errno(edge_connection_t *conn)
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
Definition: address.c:1823
char * tor_dup_ip(uint32_t addr)
Definition: address.c:1953